eTicket 'index.php' Cross Site Scripting and Path Disclosure Vulnerabilities

eTicket is "a PHP-based electronic (open source) support ticket system based on osTicket, that can receive tickets via email (pop3/pipe) or a web form. It also offers a ticket manager with many features. An ideal helpdesk solution for any website". The application eTicket version 1.5.6-RC4 is prone to a Cross Site Scripting and path disclosure vulnerabilities.

http://www.securiteam.com/unixfocus/5UP0M2KN5W.html