CVE-2020-24917

Published August 30th, 2020

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

1

PROJECT

Description

osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.

osTicket/osTicket

The osTicket open source ticketing system official project repository, for versions 1.8 and later

GitHub

3.81K