Cross Site Scripting Vulnerability in osTicket by Enhancesoft

CVE-2020-22609

What is CVE-2020-22609?

A Cross Site Scripting (XSS) vulnerability exists in osTicket prior to version 1.12.6, allowing attackers to inject malicious scripts through the queue-name parameter in the include/class.queue.php file. This could enable unauthorized access or actions within the affected web application, potentially compromising user data and session integrity.

References