The ThreadEntryWidget has a potential cross site scripting (XSS)
vulnerability if data was posted directly to the page hosting the widget

Vulnerable URLs:
view.php, open.php, scp/open.php, scp/tickets.php

The content received in the HTTP POST is now correctly escaped when it is
echoed back to the user agent.