CVE-2017-15362

CVE-2017-15362

osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176.

Source: CVE-2017-15362

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다