CVE-2019-11537

In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion.
References
Link Resource
https://www.exploit-db.com/exploits/46753 Exploit Third Party Advisory VDB Entry
https://pentest.com.tr/exploits/osTicket-v1-11-XSS-to-LFI.html Exploit Third Party Advisory
https://github.com/osTicket/osTicket/releases/tag/v1.12 Third Party Advisory
https://github.com/osTicket/osTicket/pull/4869 Third Party Advisory
https://www.exploit-db.com/exploits/46753/ Exploit VDB Entry Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*

Information

Published : 2019-04-25 12:29

Updated : 2019-05-07 11:57


NVD link : CVE-2019-11537

Mitre link : CVE-2019-11537


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

osticket

  • osticket