scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent.
Analyzing vulnerability vectors…
Your command center for real-time vulnerability intelligence — built for security professionals who need answers fast.
Get the full picture on any CVE — kill chain diagrams, exploit sequences, technical breakdowns, and key risks. No credit card required.