Description
osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.

Remediation

References
CVE-2020-16193

Related Vulnerabilities
WordPress Plugin Subscribe to Comments Local File Inclusion (2.1.2)
Drupal Improper Input Validation Vulnerability (CVE-2013-6389)
Magento CVE-2019-8144 Vulnerability (CVE-2019-8144)
WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce SQL Injection (5.7.25)
WordPress Plugin Contus HD FLV Player 'uploadVideo.php' Arbitrary File Upload (1.7)

Severity
Medium

Classification
CVE-2020-16193
CWE-707
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags
Missing Update
Known Vulnerabilities