CVE-2019-14750
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.
Affected products
n/a · n/a
Public PoCs found: 2
cve_reference: packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html (unverified)
cve_reference: www.exploit-db.com/exploits/47226 (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html
https://github.com/osTicket/osTicket/commit/c3ba5b78261e07a883ad8fac28c214486c854e12
https://github.com/osTicket/osTicket/releases/tag/v1.10.7
https://github.com/osTicket/osTicket/releases/tag/v1.12.1
https://www.exploit-db.com/exploits/47226