Summary
Tickets CAD is prone to multiple vulnerabilities.
1. A Reflective XSS vulnerability exist in the search function, search.php within the application.
2. A Stored XSS vulnerability exist in log.php while creating a new log entry.
3. Information disclosure exist which allows users even the guest account to view the tables of the sql database.
Tickets CAD 2.20G is vulnerable
other versions may also be affected.
References
Updated on 2015-03-25