osTicket 1.10.1 Unauthenticated Stored XSS allows an attacker to gain admin privileges
CVE Reference: CVE-2019-13397
Description: The file upload functionality in the create-ticket module of osTicket 1.10.1 allows an attacker to perform unauthenticated stored XSS.
Impact: It is possible to steal or manipulate customer sessions and cookies, which might be used to impersonate a legitimate user. An attacker can redirect the victim or perform other malicious operations on the user's machine.
Proof of Concept:
Create a new ticket and upload a malicious SVG.
The malicious SVG is executed at the customer's end.
The malicious SVG is executed in the admin panel once the malicious file is opened.
Vendor Confirmed: Yes
Solution: Patch in place by the developers
Fixed Version: 1.10.2 or later.
Vendor URL: https://osticket.com/
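The proof of concept above relies on an SVG attachment that carries script. As an added defender-side example (not osTicket code and not the vendor's actual fix), the check below rejects uploaded SVGs containing active content before they are stored; the sample SVGs and the function names are constructed for this illustration. Serving attachments with Content-Disposition: attachment and a restrictive Content-Security-Policy remains the primary control; this filter is defence in depth.

```python
"""Added example: reject uploaded SVGs that carry active content.
Not osTicket code; a generic pre-storage filter for the attachment class
described in the advisory above. Sample SVGs below are constructed."""
import re
import xml.etree.ElementTree as ET

# Elements that execute script or embed foreign documents inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# Attributes whose value is a URL and may carry a script-capable scheme.
URL_ATTRIBUTES = {"href", "src"}
UNSAFE_SCHEME = re.compile(r"^\s*(javascript|data|vbscript)\s*:", re.I)


def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1].lower()


def svg_findings(data: bytes) -> list:
    """Return the reasons an SVG should be rejected; an empty list means clean.
    A parse failure is itself a finding: a malformed file must not be stored
    and later rendered by a browser's more lenient parser."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"unparseable: {exc}"]
    findings = []
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"active element <{tag}>")
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):          # onload, onclick, ...
                findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRIBUTES and UNSAFE_SCHEME.match(value):
                findings.append(f"unsafe URL scheme in {name} on <{tag}>")
        if tag == "style" and el.text and re.search(r"url\s*\(|@import", el.text, re.I):
            findings.append("external reference in <style>")
    return findings


def is_safe_svg(data: bytes) -> bool:
    return not svg_findings(data)


# Constructed samples: one benign icon, two carrying active content.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SCRIPTED = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'
HANDLER = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
           b'<a xlink:href="javascript:alert(1)"><rect onload="alert(1)"/></a></svg>')
```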