Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Customer Support

osTicket

osTicket is a widely-used open source support ticket system. It seamlessly integrates inquiries created via email and web-based forms into a simple easy to use multi-user web interface. Easily manage organize and archive all your support requests and responses in one place while providing your clients with accountability and responsiveness they deserve.

Official Site:

http://osticket.com/

Severity Summary:

Critical: 4 High: 9 Medium: 34 Low: 1
Reference
Title
Severity
CVE-2020-24881
osTicket Server-Side Request Forgery (SSRF) Vulnerability
Critical
CVE-2021-42235
osTicket Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2017-14396
osTicket Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2017-15580
osTicket Unrestricted Upload of File with Dangerous Type Vulnerability
Critical
CVE-2026-22200
osTicket Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-30082
osTicket Improper Validation of Specified Quantity in Input Vulnerability
High
CVE-2022-31888
osTicket Session Fixation Vulnerability
High
CVE-2005-1439
osTicket Other Vulnerability
High
CVE-2005-1438
osTicket Other Vulnerability
High
CVE-2010-0605
osTicket Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2006-5407
osTicket Other Vulnerability
High
CVE-2018-7195
osTicket Vulnerability
High
CVE-2019-14749
osTicket Improper Neutralization of Formula Elements in a CSV File Vulnerability
High
CVE-2018-7194
osTicket Integer Overflow or Wraparound Vulnerability
Medium
CVE-2023-1315
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-1320
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-1319
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-1317
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-1318
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-1316
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-13397
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-24917
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-32074
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-45811
osTicket Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2023-27149
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-27148
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-46967
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-45387
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-26241
osTicket Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2022-4271
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium