Description
scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent.
Remediation
References