Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2017-15362 - Vulnerability Database
osTicket

osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2017-15362

Medium
Reference: CVE-2017-15362
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-15362
Title: osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.phpstatus link aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections injection of iframes to establish communication channels etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176.