osTicket 1.12 Cross Site Scripting

Posted by deepcore on August 12, 2019 – 10:18 pm

An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [dos] VxWorks 6.8 – TCP Urgent Pointer = 0 Integer Underflow osTicket 1.12 Formula Injection »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

osTicket 1.12 Cross Site Scripting

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL