Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote malicious user to escalate privileges via a crafted support ticket.