enhancesoft CVE Vulnerabilities & Metrics

Focus on enhancesoft vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About enhancesoft Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with enhancesoft. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total enhancesoft CVEs: 20
Earliest CVE date: 09 Jul 2014, 14:55 UTC
Latest CVE date: 23 Oct 2023, 20:15 UTC

Latest CVE reference: CVE-2023-27149

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

CVSS Stats

Average CVSS: 1.51

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 16
4.0-6.9 4
7.0-8.9 1
9.0-10.0 0

Top 5 Highest CVSS enhancesoft CVEs

These are the five CVEs with the highest CVSS scores for enhancesoft, sorted first by severity, then by recency.

All CVEs for enhancesoft

CVE-2023-27149 enhancesoft vulnerability CVSS: 0 23 Oct 2023, 20:15 UTC

A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list.

CVE-2023-27148 enhancesoft vulnerability CVSS: 0 23 Oct 2023, 20:15 UTC

A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.

CVE-2021-45811 enhancesoft vulnerability CVSS: 0 08 Sep 2023, 02:15 UTC

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.

CVE-2023-30082 enhancesoft vulnerability CVSS: 0 14 Jun 2023, 20:15 UTC

A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory.

CVE-2022-31890 enhancesoft vulnerability CVSS: 0 05 Apr 2023, 22:15 UTC

SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function.

CVE-2022-31889 enhancesoft vulnerability CVSS: 0 05 Apr 2023, 22:15 UTC

Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae.

CVE-2022-31888 enhancesoft vulnerability CVSS: 0 05 Apr 2023, 22:15 UTC

Session Fixation vulnerability in function login in class.auth.php in osTicket through 1.16.2.

CVE-2023-1320 enhancesoft vulnerability CVSS: 0 10 Mar 2023, 16:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.

CVE-2023-1319 enhancesoft vulnerability CVSS: 0 10 Mar 2023, 16:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.

CVE-2023-1318 enhancesoft vulnerability CVSS: 0 10 Mar 2023, 16:15 UTC

Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.

CVE-2023-1317 enhancesoft vulnerability CVSS: 0 10 Mar 2023, 16:15 UTC

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.

CVE-2023-1316 enhancesoft vulnerability CVSS: 0 10 Mar 2023, 16:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.

CVE-2023-1315 enhancesoft vulnerability CVSS: 0 10 Mar 2023, 16:15 UTC

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.

CVE-2022-4271 enhancesoft vulnerability CVSS: 0 02 Dec 2022, 16:15 UTC

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.

CVE-2021-42235 enhancesoft vulnerability CVSS: 7.5 04 May 2022, 17:15 UTC

SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.

CVE-2020-22609 enhancesoft vulnerability CVSS: 4.3 28 Jun 2021, 19:15 UTC

Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.

CVE-2020-22608 enhancesoft vulnerability CVSS: 4.3 28 Jun 2021, 19:15 UTC

Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.

CVE-2020-14012 enhancesoft vulnerability CVSS: 3.5 10 Jun 2020, 18:15 UTC

scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent.

CVE-2020-12629 enhancesoft vulnerability CVSS: 3.5 04 May 2020, 13:15 UTC

include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.

CVE-2019-13397 enhancesoft vulnerability CVSS: 4.3 09 Jul 2019, 17:15 UTC

Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket.

CVE-2014-4744 enhancesoft vulnerability CVSS: 4.3 09 Jul 2014, 14:55 UTC

Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.