Description
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.
Remediation
References