osTicket version 1.9.4 suffers from a cross site scripting vulnerability.