CVE-2022-31889
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
05/04/2023
Last modified:
13/02/2025
Description
Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:enhancesoft:audit_log:*:*:*:*:*:osticket:*:* | 2022-04-21 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://checkmarx.com/blog/securing-open-source-solutions-a-study-of-osticket-vulnerabilities/
- https://github.com/osTicket/osTicket-plugins/commit/047a1c3ae4f12f8952bbdad8143d5b74fdac14b1
- https://checkmarx.com/blog/securing-open-source-solutions-a-study-of-osticket-vulnerabilities/
- https://github.com/osTicket/osTicket-plugins/commit/047a1c3ae4f12f8952bbdad8143d5b74fdac14b1