Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-11537 - Vulnerability Database
osTicket

osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-11537

Medium
Reference: CVE-2019-11537
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-11537
Title: osTicket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

In osTicket before 1.12 XSS exists via /upload/file.php /upload/scp/users.phpdoimport-users and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer because file contents can appear in an error message. The XSS can lead to local file inclusion.