Osticket · Osticket · CVE-2020-16193
**Name of the Vulnerable Software and Affected Versions**
osTicket versions prior to 1.14.3
**Description**
The issue arises from an unvalidated echo call in the `include/staff/banrule.inc.php` file, specifically `echo $info['notes']`, which allows for XSS attacks.
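The pattern described above next to an output-encoded form, as an added example that is not osTicket's code or its actual patch. The function names, the surrounding `<div>` and the sample note value are assumptions constructed for illustration.

```php
<?php
// Added illustration, not osTicket source. $info mimics the array named in
// the description; the 'notes' value is constructed sample data.
$info = ['notes' => 'Repeat sender <b>injected markup</b> & "quotes"'];

// Pattern from the description: the stored value is written into the page
// as-is, so any markup inside it becomes part of the HTML document.
function render_notes_raw(array $info): string
{
    return '<div class="notes">' . $info['notes'] . '</div>';
}

// Output-encoded form: encode for the HTML context at the point of output,
// covering both quote styles and substituting invalid UTF-8 sequences.
function render_notes_escaped(array $info): string
{
    $safe = htmlspecialchars(
        (string) ($info['notes'] ?? ''),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<div class="notes">' . $safe . '</div>';
}

// Regression check: after removing the wrapper, does the rendered value
// still contain tags the browser would parse? strip_tags() leaves encoded
// entities untouched, so properly encoded output is unchanged by it.
function value_contains_live_markup(string $html): bool
{
    $inner = preg_replace('~^<div class="notes">|</div>$~', '', $html);
    return $inner !== strip_tags($inner);
}

$raw     = render_notes_raw($info);
$escaped = render_notes_escaped($info);

echo "raw:     $raw\n";
echo "escaped: $escaped\n";

// Fail loudly if the encoded rendering ever lets markup through, or if the
// raw rendering stops reproducing the issue this check is meant to catch.
if (value_contains_live_markup($escaped) || !value_contains_live_markup($raw)) {
    fwrite(STDERR, "notes rendering check failed\n");
    exit(1);
}
echo "notes rendering check passed\n";
```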
**Recommendations**
For versions prior to 1.14.3, update to version 1.14.3 or later to resolve the issue.