← volver
CVE-2019-14750

CVE-2019-14750

EPSS 11.7%
Vexday Risk Score
43Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS EPSS 11.7%KEV nãoPoC públicaNuclei simMetasploit Patch
Ciclo de vida
07 ago 2019Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.
Productos afectados
n/a · n/a
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.