Description
Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket.
Remediation
References
Related Vulnerabilities
MediaWiki CVE-2022-28206 Vulnerability (CVE-2022-28206)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3818)
Jboss EAP Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-3859)
WordPress Plugin Video Conferencing with Zoom Cross-Site Scripting (3.8.15)