Fortinet's FortiGuard Labs has discovered an DOM Based Cross-Site Scripting vulnerability in osTc products.
osTicket is a widely-used open source support ticket system. It seamlessly integrates inquiries created via email, phone and web-based forms into a simple easy-to-use multi-user web interface. Manage, organize and archive all your support requests and responses in one place while providing your customers with accountability and responsiveness they deserve.
Users should upgrade the product to latest version
Fortinet reported the vulnerability to osTicket on 06 February, 2020.Â
osTicket confirmed the vulnerability on 07 February, 2020.Â
osTicket released the fix on 02 May, 2020.