I read about a cross site scripting vulnerability that was reported several days ago affecting eTicket v1.5.6-RC3, eTicket v1.5.6-RC2, eTicket v1.5.5.2, and older versions, due to inadequate filtering of some input data.
It is advisable to upgrade to v1.5.6-RC4