CVE-2020-22609

Name of the Vulnerable Software and Affected Versions osTicket versions prior to 1.12.6

Description The issue is related to a Cross Site Scripting (XSS) vulnerability. It affects the queue-name parameter in the include/class.queue.php file. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For versions prior to 1.12.6, update to version 1.12.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the queue-name parameter in the affected include/class.queue.php file until a patch is available.