
Large XSS vulnerabilities in osTicket 1.9.2

My co-workers like to break things that I have worked long and hard on, and they found some cross-site scripting vulnerabilities in the current version of osTicket. The following link shows some details. LINK

Does anyone know how I can patch this, instead of waiting for another version release?

My co-worker was able to inject a script after creating a new ticket that redirected to another webpage, and was able to change the Helpdesk Name/Title. This co-worker has admin privileges, so that may or may not increase his access to change things via XSS.

Thanks for any input!
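For anyone looking at the "patch it myself" side of the question, the class of bug described here (ticket text or the helpdesk name landing in a page unescaped) is closed by encoding every untrusted value for the context it is printed into; the snippet below is an added illustration in PHP, not osTicket's own code, and the ticket array, `esc_html` and `esc_js` names are constructed for the example.

```php
<?php
// Added example, not osTicket code: encode ticket-supplied strings on output.
// Assumes: $ticket is a constructed sample; helper names are hypothetical.
declare(strict_types=1);

/** Escape a string for placement in HTML text or a double-quoted attribute. */
function esc_html(string $s): string
{
    // ENT_QUOTES escapes both ' and "; ENT_SUBSTITUTE keeps malformed UTF-8
    // from silently turning the whole field into an empty string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Escape a string for placement inside an inline <script> block. */
function esc_js(string $s): string
{
    // JSON_HEX_* encodes < > & ' " as \uXXXX so a value can never close the tag.
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample: a ticket subject and a helpdesk title carrying markup.
$ticket = [
    'subject'       => "Printer down <script>alert('x')</script>",
    'helpdesk_name' => 'Help "Desk" <Team>',
];

// Vulnerable rendering: untrusted data concatenated straight into the page.
$vulnerable = "<h2>{$ticket['subject']}</h2>"
            . "<input value=\"{$ticket['helpdesk_name']}\">";

// Hardened rendering: every untrusted value is escaped for its own context.
$hardened = '<h2>' . esc_html($ticket['subject']) . '</h2>'
          . '<input value="' . esc_html($ticket['helpdesk_name']) . '">'
          . '<script>var title = ' . esc_js($ticket['helpdesk_name']) . ';</script>';

echo "Vulnerable:\n$vulnerable\n\nHardened:\n$hardened\n";

// Sanity check: no raw tag from the ticket data survives in the hardened output.
if (strpos($hardened, '<script>alert') !== false) {
    throw new RuntimeException('output escaping failed');
}
```

Escaping on output does not replace upgrading to a release that fixes the specific reports; it is the pattern to apply wherever a template prints a field that a ticket submitter or admin can set.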

Comments

  • I've asked the devs to take a look at this. 1.9.3 is already out though and did address some XSS vulns.

    Also that page says 1.9.1 in the URL, the breadcrumbs, and the CPE Name: cpe:/a:osticket:osticket:1.9.1. However the description of the vuln states 1.9.2. This could already be fixed with these:

    1.9.2
    • Fix XSS vulnerability in phone number widget (#1025)
    • Fix several XSS vulnerabilities in client and staff interfaces (#1024, #1025)

    1.9.3


  • Yeah, I upgraded after I posted this (to 1.9.3), but there still seems to be some XSS issues lying around. I upgraded Aug. 7th, and today (Aug 8th) my co-worker was able to submit a ticket that redirected you to another website entirely.

    I'll have to ask him how these are being exploited, maybe he'll give me some insight.

    Thanks, btw. you're always very helpful.