CVE-2022-32074: GitHub - osTicket/osTicket-plugins: Core plugins for osTicket (v1.8+)

A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.

Core plugins for osTicket

Core plugins for osTicket-1.8 and onward

Installing

Clone this repo or download the zip file and place the contents into your include/plugins folder.

After cloning, hydrate the repo by downloading the third-party library dependencies.

Building Plugins

Make any necessary additions or edits to plugins, then build PHAR files with the make.php command:

php -dphar.readonly=0 make.php build <plugin-folder>

This will compile a PHAR file for the plugin directory. The PHAR will be named plugin.phar and can be dropped into the osTicket plugins/ folder directly.

Translating

Translation is performed via the Crowdin translation management software. The project page for the plugins is located at:

https://crowdin.com/project/osticket-plugins

Related news

CVE-2022-31890: Securing Open-Source Solutions: A Study of osTicket Vulnerabilities

SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function.
