CVE-2019-14748

MEDIUM

osTicket < 1.10.7 / 1.12.x < 1.12.1 - Unrestricted File Upload & Stored XSS via Ticket Form

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-14748. PoCs published by Aishwarya Iyer.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in osTicket before 1.10.7 and 1.12.x before 1.12.1 via file upload. The attacker uploads an HTML file containing malicious JavaScript, which executes when an agent opens the attachment.

Description

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The ticket creation form allows users to upload files along with their queries. The file-upload functionality performs few or no checks on file content, and the stored file is not served safely, resulting in persistent XSS that can lead to cookie theft or other actions in the agent's session. For example, a non-agent user can upload an .html file, and on download the Content-Disposition header is set to inline instead of attachment, so the browser renders the file (and runs its script) in the osTicket origin.
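The two defects in that description are checkable independently: whether the upload path inspects file content rather than trusting the extension, and whether the download path forces the browser to treat the stored bytes as an opaque download. The following helper is an added example written for this page, not osTicket's code or the PoC's; the marker list, the header set it recommends, and the sample headers it is tested against are the editor's own assumptions about a hardened configuration.

```python
"""Checks for the two defects behind CVE-2019-14748: an upload endpoint that
does not inspect file content, and a download endpoint that serves a stored
file inline so the browser renders it as HTML.  Added example, not osTicket
code; the markers, header names and sample values are assumptions."""
import re

# Byte patterns that make a browser (or its MIME sniffer) treat a file as
# HTML.  Constructed list; extend it for other active content (e.g. SVG).
_HTML_MARKERS = re.compile(
    rb"<\s*(!doctype\s+html|html|head|body|script|iframe|svg|img|object|embed)\b",
    re.IGNORECASE,
)


def looks_like_html(data: bytes, window: int = 1024) -> bool:
    """Return True when the leading bytes of an upload would be rendered as
    HTML regardless of the filename extension.  A UTF-8 BOM and leading
    whitespace are skipped because browsers skip them too."""
    head = data[:window]
    if head.startswith(b"\xef\xbb\xbf"):
        head = head[3:]
    head = head.lstrip()
    return _HTML_MARKERS.search(head) is not None


def _get(headers: dict, name: str):
    """Case-insensitive header lookup (HTTP header names are not case-sensitive)."""
    name = name.lower()
    for key, value in headers.items():
        if key.lower() == name:
            return value
    return None


def attachment_findings(headers: dict) -> list:
    """Evaluate the headers an attachment download endpoint returns and list
    what would let a stored HTML upload execute in an agent's browser.
    An empty list means the response would not be rendered inline."""
    findings = []
    disposition = (_get(headers, "Content-Disposition") or "").lower()
    ctype = (_get(headers, "Content-Type") or "").lower()
    nosniff = (_get(headers, "X-Content-Type-Options") or "").lower()

    if not disposition.startswith("attachment"):
        findings.append("Content-Disposition is not 'attachment'; browser may render the file")
    if ctype.startswith("text/html") or ctype.startswith("application/xhtml"):
        findings.append("Content-Type advertises HTML; inline rendering executes script")
    if nosniff != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing; browser may sniff HTML")
    return findings


def safe_attachment_headers(filename: str) -> dict:
    """Header set that blocks this class of issue regardless of the stored
    file's bytes: forced download, opaque type, no sniffing, a sandboxing
    CSP, and a filename stripped of characters that could break the header."""
    clean = re.sub(r"[^\w.\-]", "_", filename)[:100] or "download"
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{clean}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox",
    }


if __name__ == "__main__":
    # Constructed sample: the vulnerable behaviour the description names.
    vulnerable = {"Content-Type": "text/html",
                  "Content-Disposition": "inline; filename=ticket.html"}
    for finding in attachment_findings(vulnerable):
        print("FAIL:", finding)
    print("hardened:", attachment_findings(safe_attachment_headers("ticket.html")))
    print("html upload detected:", looks_like_html(b"<html><script>alert(1)</script>"))
```

`looks_like_html` is a heuristic: a plain-text note that happens to contain `<script>` also trips it, which is the right bias for a helpdesk attachment store (quarantine or serve as download, never reject silently). The download-side check is the one that actually closes the hole, since a forced download with `nosniff` is safe even when content inspection is bypassed; run `attachment_findings` against the headers your instance returns for a freshly uploaded `.html` attachment after patching.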

Exploits (1)

exploit-db · working PoC · verified
by Aishwarya Iyer · text · webapps · php
https://www.exploit-db.com/exploits/47224

Classification: working PoC (100%)
Attack type: XSS
Complexity: trivial
Reliability: reliable
Target: osTicket < 1.10.7, 1.12.x < 1.12.1
Auth required: yes
Prerequisites: non-agent user credentials; access to the ticket creation form
Analysis: devstral-2, Feb 16, 2026

References (5)

https://github.com/osTicket/osTicket/releases/tag/v1.12.1 (Third Party Advisory; source: misc)
https://github.com/osTicket/osTicket/releases/tag/v1.10.7 (Release Notes, Third Party Advisory; source: misc)
https://www.exploit-db.com/exploits/47224 (Exploit, Third Party Advisory, VDB Entry; source: exploit-db)

Scores

CVSS v3: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Attack vector: NETWORK
EPSS: 0.0273 (percentile 84.2%)

Details

CWE: CWE-434 (Unrestricted Upload of File with Dangerous Type), CWE-79 (Improper Neutralization of Input During Web Page Generation)
Status: published
Products (1): osticket/osticket < 1.10.7
Published: Aug 07, 2019
Tracked since: Feb 18, 2026