My co-workers like to break things that I have worked long and hard on and found some cross-site scripting vulnerabilities in the current version of osTicket. The following link shows some details. LINK

Does anyone know how I can patch this, instead of waiting for another version release? My co-worker was able to inject a script after creating a new ticket that redirected to another webpage, and was able to change the Helpdesk Name/Title. This co-worker has admin privileges, so that may or may not increase his access to change things via XSS.

Thanks for any input!

I've asked the devs to take a look at this. 1.9.3 is already out though and did address some XSS vulns.

Also that page says 1.9.1 in the URL, the breadcrumbs, and Cpe Name:/a.9.1. However the description of the vuln states 1.9.2. This could already be fixed with these:

1.9.2

Fix XSS vulnerability in phone number widget (#1025)
Fix several XSS vulnerabilities in client and staff interfaces (#1024, #1025)

1.9.3

Fix XSS vulnerability in user name (#1108, #1131)

Yeah, I upgraded after I posted this (to 1.9.3), but there still seems to be some XSS issues lying around. I upgraded Aug. 7th, and today (Aug 8th) my co-worker was able to submit a ticket that redirected you to another website entirely.

I'll have to ask him how these are being exploited, maybe he'll give me some insight.

Thanks, btw, you're always very helpful.
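The two posts above describe the same failure: a user-controlled ticket field (subject, helpdesk name) is rendered into a page without output encoding, so a script in it runs in the browser of whoever views the ticket. The example below, added here and not code from osTicket or from anyone in this thread, shows what the fix looks like in PHP (osTicket's language): a vulnerable rendering next to a hardened one that escapes each value for the HTML or JavaScript context it lands in, with a small self-check. The `$ticket` array, the field names and the `renderUnsafe`/`renderSafe` functions are constructed for illustration and are not osTicket's own.

```php
<?php
// Added example (not osTicket code): context-aware escaping of user-supplied
// ticket fields before they are rendered into HTML, plus a self-check.
// The $ticket array and field names are constructed for this example.

declare(strict_types=1);

/** Escape a string for HTML element content or a double-quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Escape a string for use inside a <script> block as a JS string literal. */
function js(string $value): string
{
    // The HEX flags turn < > & ' " into \uXXXX escapes, so the literal cannot
    // close the enclosing <script> element or break out of the string.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample: a ticket subject carrying a redirect payload of the kind
// described in the thread, and a helpdesk title containing markup.
$ticket = [
    'subject' => '<script>window.location="https://example.invalid/"</script> Printer broken',
    'name'    => 'Help"Desk<b>Title</b>',
];

// Vulnerable rendering: raw interpolation lets the browser execute the payload.
function renderUnsafe(array $t): string
{
    return "<h1>{$t['name']}</h1><p>{$t['subject']}</p>";
}

// Hardened rendering: every user-controlled value is escaped for its context.
function renderSafe(array $t): string
{
    return '<h1 title="' . h($t['name']) . '">' . h($t['name']) . '</h1>'
         . '<p>' . h($t['subject']) . '</p>'
         . '<script>var subject = ' . js($t['subject']) . ';</script>';
}

// Self-check: the unsafe output carries the payload verbatim; the safe output
// must not, and its only <script> tag must be the template's own.
$safe = renderSafe($ticket);
assert(strpos(renderUnsafe($ticket), '<script>window.location') !== false);
assert(strpos($safe, '<script>window.location') === false);
assert(substr_count($safe, '<script>') === 1);

echo $safe, PHP_EOL;
```

The point to take from this is that escaping is per output context: `h()` is right for element text and attribute values but not for a JavaScript literal, and vice versa, which is why a single "sanitize on input" pass tends to leave gaps of the kind reported in the thread.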
