CVE-2018-7193

Name of the Vulnerable Software and Affected Versions osTicket versions prior to 1.10.2

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the order parameter in the "/scp/directory.php" API endpoint.

Recommendations For versions prior to 1.10.2, update to version 1.10.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/scp/directory.php" endpoint or avoiding the use of the order parameter until the update is applied.