osTicket cross-site scripting vulnerability (CNVD-2020-50538)

osTicket is a widely used and trusted open source work order support ticket system. A cross-site scripting vulnerability exists in osTicket versions prior to 1.14.3. The vulnerability can be exploited to conduct a cross-site scripting attack via a specially crafted filename for...

CVE-2020-24917

osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::uploadInlineImage in include/ajax.draft.php...

Cross site scripting

osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::uploadInlineImage in include/ajax.draft.php...