Several vulnerabilities were reported in osTicket. A remote user can upload files to the target system. A remote user can hijack the target user's session. A remote user can conduct cross-site scripting attacks.
Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network