Enhancesoft osTicket cross-site scripting vulnerability (CNVD-2018-07905)

Enhancesoft osTicket is a U.S. Enhancesoft's open source ticketing system. A cross-site scripting vulnerability exists in the /scp/directory.php file in Enhancesoft osTicket versions prior to 1.10.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the...