Back to CVE List

CVE-2026-36214

Vulnerability Description

osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable Bootstrap Tooltip component and insufficient HTML sanitization, allowing remote attackers to execute arbitrary JavaScript in Agent or Admin sessions.

Vulnerability Details

Published Date
Last Modified
Source
NVD

External References

Discussion (0)

Add Comment

No comments yet. Be the first!