CVE-2023-46967

Name of the Vulnerable Software and Affected Versions Enhancesoft osTicket version 1.18.0

Description The issue is related to a Cross Site Scripting vulnerability in the sanitize function, allowing a remote attacker to escalate privileges via a crafted support ticket. This vulnerability is also associated with a common Desanitization code pattern that can lead to serious issues.

Recommendations For version 1.18.0, consider disabling the sanitize function as a temporary workaround until a patch is available. Restrict access to the support ticket system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.