Description
A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced Page Manager Cross-Site Scripting (1.4.1)
WordPress Plugin Project Supremacy V3 Lite Cross-Site Scripting (1.1)
WordPress Plugin Database Backups Cross-Site Request Forgery (1.2.2.6)
Undertow Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2023-1108)