Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote malicious users to inject arbitrary web script or HTML via the s parameter.
source: wwwsecurityfocuscom/bid/27173/info
eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input These vulnerabilities include multiple SQL-injection issues, a cross-site scripting issue, and an authentication-bypass issue
A successful exploit could allow ...