Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-14748

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment.

Published

2019-08-07T17:15:12.417

Last Modified

2024-11-21T04:27:15.770

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	osticket	osticket	< 1.10.7	Yes
Application	osticket	osticket	< 1.12.1	Yes

References

http://packetstormsecurity.com/files/154003/osTicket-1.12-File-Upload-Cross-Site-Scripting.html Exploit, Third Party Advisory, VDB Entry ([email protected])
https://github.com/osTicket/osTicket/commit/33ed106b1602f559a660a69f931a9d873685d1ba Patch, Release Notes, Third Party Advisory ([email protected])
https://github.com/osTicket/osTicket/releases/tag/v1.10.7 Release Notes, Third Party Advisory ([email protected])
https://github.com/osTicket/osTicket/releases/tag/v1.12.1 Third Party Advisory ([email protected])
https://www.exploit-db.com/exploits/47224 Exploit, Third Party Advisory, VDB Entry ([email protected])
http://packetstormsecurity.com/files/154003/osTicket-1.12-File-Upload-Cross-Site-Scripting.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/osTicket/osTicket/commit/33ed106b1602f559a660a69f931a9d873685d1ba Patch, Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/osTicket/osTicket/releases/tag/v1.10.7 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/osTicket/osTicket/releases/tag/v1.12.1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/47224 Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)