CVE-2019-14750

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-14750
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14750.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-14750
Published
2019-08-07T17:15:12Z
Modified
2025-01-08T10:22:33.698386Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.

References

Affected packages

Git / github.com/osticket/osticket

Affected ranges

Type
GIT
Repo
https://github.com/osticket/osticket
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v1.*

v1.10
v1.10-dpr
v1.10-rc.1
v1.10-rc.2
v1.10-rc.3
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.10.5
v1.10.6
v1.8-dpr
v1.8.0
v1.8.0-rc1
v1.8.0-rc2
v1.8.0.1
v1.8.0.2
v1.8.0.3
v1.8.1
v1.8.1-dpr
v1.8.1-rc1
v1.8.1.1
v1.8.1.2
v1.8.2-dpr
v1.8.3
v1.8.4
v1.9-rc
v1.9.0
v1.9.1
v1.9.11
v1.9.12
v1.9.2
v1.9.3
v1.9.4
v1.9.4-dpr
v1.9.4-rc1
v1.9.4-rc2
v1.9.4-rc3
v1.9.4-rc4
v1.9.4-rc5
v1.9.5
v1.9.5.1
v1.9.6
v1.9.7
v1.9.8
v1.9.8.1
v1.9.9