What the vulnerability does
01Description
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.
CVE-2022-4271
HIGH
CVE-2022-4271: Cross-site Scripting (XSS) - Reflected in osticket/osticket
CVSS base score
8.0/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Key dates
02Disclosure timeline
December 2, 2022
CVE published
April 14, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-30430 WordPress FluentCRM plugin <= 2.8.44 - Cross Site Scripting (XSS) vulnerability
CVE-2023-4423 WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.37.1 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2018-15635
CVE-2021-3945 Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk
CVE-2024-43133 WordPress Themify Shortcodes plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
