Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

Is this vulnerability an issue still?

I found this vuln, I was wondering if it has been patched or what kind of issue it presents. I'm considering opening up osticket to the outside world but want to make sure we aren't being exposed. Thank you!

http://packetstormsecurity.com/files/119211/osTicket-1.7-DPR3-XSS-Disclosure-Redirect-SQL-Injection.html

Comments

  • The vulnerabilities were addressed long ago. The referenced version was a Developer Preview release.
  • I believe that it was fixed with osTicket 1.7 DPR4 released on or about June 19, 2012.

    Which you will note is about 6 months before that vuln was posted.
Sign In or Register to comment.