A vulnerability was found in osTicket up to 1.10/1.17.7/1.18.0/1.18.3. It has been classified as problematic. Impacted is an unknown function of the component Bootstrap Tooltip. The manipulation leads to cross site scripting.

This vulnerability is listed as CVE-2026-36214. The attack may be initiated remotely. There is no available exploit.