Description
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Bulk Page Creator Cross-Site Scripting (1.0.9)
WordPress Plugin Annonces 'abspath' Parameter Remote File Include (1.2.0.0)
PHP Numeric Errors Vulnerability (CVE-2015-7804)
WordPress Plugin Thank You Counter Button Multiple Cross-Site Scripting Vulnerabilities (1.8.7)
WordPress Plugin Interactive SVG Image Map Builder Cross-Site Scripting (1.0)