CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows malicious users to inject HTML or edit a ticket.
joomsky js support ticket 1.1.0