CVE: CVE-2021-3994
Vulnerability Type: CWE-79: Cross-site Scripting (XSS) - Stored
Severity: High (8.8)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Status: Fixed
Disclosed By: lethanhphuc (@noobpk)
Fixed By: lethanhphuc (@noobpk)

PoC:

Steps to Reproduce:

- Ticket: Go to URL without login to create a new ticket, input payload: in the description field.
- Comment Ticket: Input payload: in the comment field.

The XSS will trigger when the admin clicks on the content.

Impact: An attacker can use this vulnerability to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie.