Cross Site Scripting Vulnerability on "Knowledgebase" feature in OsTicket #5514
Comments
Please refrain from reporting vulnerabilities like this in the future. Please, next time follow Responsible Disclosure practices by reporting directly to us. You can send all POCs to With this being said, this particular vulnerability has two parts:
2.) Pasting Payload in HTML View and Saving Changes (just so the payload doesn't execute immediately)
Cheers.
Here is the patch to mitigate the 2nd half of the vulnerability: Please apply the changes, retest, and get back to me. Cheers.
Here is a patch that upgrades Redactor to the latest version which mitigates the 1st half of the XSS vulnerability you reported: Cheers.
Description:
An authenticated malicious user can take advantage of a Reflected XSS vulnerability in the "Knowledgebase" feature. This can be bypassed by using HTML event handlers, such as "ontoggle".
OS: Firefox
Steps to Reproduce:
"><svg/onload=alert(document.domain)>
Expected behavior:
The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page.
Impact
These commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.
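An added example, not code from osTicket or from the reporter, contrasting the two approaches discussed in the report: a naive script-tag stripper against HTML entity encoding of reflected output. The page's own payload is reflected through a hypothetical search template and the result is parsed the way a browser would tokenise it; the template, function names and sample inputs are assumptions.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample inputs: the payload quoted in the issue plus a benign search term.
SAMPLES = {
    "benign": "Reset your password",
    "issue_payload": '"><svg/onload=alert(document.domain)>',
}
# Tags the hypothetical template itself emits; anything else came from user input.
TEMPLATE_TAGS = {"input", "p"}

def strip_script_tags(value: str) -> str:
    """The insufficient approach: delete <script> blocks and leave everything else intact."""
    return re.sub(r"(?is)<script\b.*?</script\s*>", "", value)

def encode_for_html(value: str) -> str:
    """HTML entity encoding, safe for a text node or a double-quoted attribute value."""
    return html.escape(value, quote=True)

def render_search_result(term: str, sanitize) -> str:
    """Hypothetical Knowledgebase search template that reflects the term twice (assumed)."""
    safe = sanitize(term)
    return f'<input name="q" value="{safe}"><p>Results for {safe}</p>'

class _TagCollector(HTMLParser):
    """Tokenise the rendered fragment like a browser, recording tags and on* attributes."""
    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.handlers: list[str] = []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(name for name, _ in attrs if name.startswith("on"))
    handle_startendtag = handle_starttag

def injected_markup(fragment: str) -> tuple[list[str], list[str]]:
    """Return (tags that are not the template's own, event-handler attributes found)."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return [t for t in collector.tags if t not in TEMPLATE_TAGS], collector.handlers

if __name__ == "__main__":
    for name, sanitize in (("strip_script_tags", strip_script_tags), ("encode_for_html", encode_for_html)):
        tags, handlers = injected_markup(render_search_result(SAMPLES["issue_payload"], sanitize))
        print(f"{name}: injected tags={tags} handlers={handlers}")
```

With the stripper, the reflected term becomes a new element carrying an event handler in both the attribute and the text-node context; with entity encoding, the parser sees only the template's own tags.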