N/A

Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket.

N/A

N/A

osTicket多个跨站脚本攻击漏洞

osTicket存在多个跨站脚本攻击(XSS)漏洞， 远程攻击者可以通过(1)传给view.php的t参数，(2)传给header.php的osticket_title参数，(3)传给admin_login.php的em参数，(4)传给user_login.php的e参数，(5)传给open_submint.php的err参数，或者(6)在添加票据时的名字和主题字段，来注入任意Web脚本或HTML。

N/A

N/A