CVE-2018-7196

Name of the Vulnerable Software and Affected Versions osTicket versions prior to 1.10.2

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the sort parameter in the "/scp/index.php" API endpoint.

Recommendations For versions prior to 1.10.2, update to version 1.10.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/scp/index.php" endpoint or avoiding the use of the sort parameter until the update is applied.