Large XSS vulnerabilities in osTicket 1.9.2
My co-workers like to break things that I have worked long and hard on, and found some cross-site scripting vulnerabilities in the current version of osTicket. The following link shows some details. LINK
Does anyone know how I can patch this, instead of waiting for another version release?
My co-worker was able to inject a script after creating a new ticket that redirected to another webpage, and was able to change the Helpdesk Name/Title. This co-worker has admin privileges, so that may or may not increase his access to change things via XSS.
Thanks for any input!