CVE-2008-0093

Name of the Vulnerable Software and Affected Versions eTicket versions 1.5.5.2, 1.5.6 RC2, and 1.5.6 RC3

Description The issue allows remote attackers to inject arbitrary web script or HTML via the Name and Subject parameters in the newticket.php file. This can lead to cross-site scripting (XSS) attacks.

Recommendations For version 1.5.5.2, update to a version that fixes the XSS vulnerabilities. For version 1.5.6 RC2, update to a version that fixes the XSS vulnerabilities. For version 1.5.6 RC3, update to a version that fixes the XSS vulnerabilities. As a temporary workaround, consider restricting user input for the Name and Subject parameters to minimize the risk of exploitation.