AI Score: 6.5 (Medium), Confidence: High
EPSS: 0.001 (Low), Percentile: 33.5%
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.
github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d
github.com/osTicket/osTicket/compare/v1.14.2...v1.14.3
sisl.lab.uic.edu/projects/chess/osticket-xss/