CVE-2019-14750 Scanner
Detects a 'Cross-Site Scripting (XSS)' vulnerability in osTicket; affects versions before 1.10.7 and 1.12.x before 1.12.1.
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 29 days
Scan only one: Domain, IPv4
Toolbox: -
osTicket is a popular open-source support ticket system that is widely used by organizations to manage customer support requests. With its user-friendly interface and customizable features, it serves as an effective platform for businesses to streamline their customer support operations. It provides a centralized place for businesses to manage all their customer support requests from different channels such as email, phone, and social media. The ticketing system also features automation tools, which help to prioritize and streamline support requests to ensure prompt resolution.
Recently, a vulnerability in osTicket was detected which could cause significant damage if not fixed. The vulnerability with code CVE-2019-14750 was found in the setup/install.php file, which is subject to stored cross-site scripting (XSS). This vulnerability is caused by the lack of input sanitization in the firstname and lastname fields of the application. An attacker can insert malicious code in these fields; because it is stored and later rendered without escaping, it runs in the browser of whoever views it, leading to cookie stealing and other malicious actions.
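The defect described above is the classic stored-XSS pattern: a name field is accepted without validation and later written into HTML without escaping. The following is an added example, written in Python for illustration and not code from osTicket or from the fix commit, showing the vulnerable rendering beside the hardened one (allow-list validation on input plus HTML escaping on output). The sample names and the function names are constructed for this example.

```python
import html
import re

# Constructed sample inputs (not taken from the page): a benign name pair and
# one whose first name carries markup, as a name field might receive it.
SAMPLE_NAMES = {
    "plain": ("Alice", "Smith"),
    "markup": ("<script>alert('xss')</script>", "O'Brien"),
}

# Allow-list for a person's name: word characters, space, dot, apostrophe,
# hyphen; 1 to 64 characters. Anything with angle brackets is rejected.
NAME_RE = re.compile(r"^[\w .'\-]{1,64}$")


def is_valid_name(value: str) -> bool:
    """Input-side check: accept only characters plausible in a name."""
    return bool(NAME_RE.match(value))


def render_unescaped(first: str, last: str) -> str:
    """Vulnerable pattern: raw field values are interpolated into HTML,
    so stored markup is emitted verbatim and executes in the viewer's browser."""
    return f"<p>Welcome, {first} {last}</p>"


def render_escaped(first: str, last: str) -> str:
    """Hardened pattern: HTML-escape every untrusted value at the point it is
    written into the page, regardless of what validation happened earlier."""
    return f"<p>Welcome, {html.escape(first)} {html.escape(last)}</p>"


def contains_active_markup(rendered: str) -> bool:
    """Quick check used below: does the rendered HTML still contain a raw tag?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    for label, (first, last) in SAMPLE_NAMES.items():
        print(f"[{label}] valid input: {is_valid_name(first) and is_valid_name(last)}")
        print(f"[{label}] unescaped : {render_unescaped(first, last)}")
        print(f"[{label}] escaped   : {render_escaped(first, last)}")
```

Both layers matter: validation stops the markup from being stored in the first place, and output escaping makes sure that any value which does reach the template (for instance data stored before the check existed) is rendered as text rather than as HTML.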
When exploited, this vulnerability can lead to devastating consequences for businesses. An attacker can steal sensitive customer data, such as usernames, passwords, and other personal information, compromising the entire support ticket system. This can result in a loss of trust in the business and may affect the business's reputation negatively. The damage can even be extended to the customers, whose personal information may be exploited by malicious entities.
In conclusion, the osTicket vulnerability with code CVE-2019-14750 can lead to significant damages to businesses if not adequately addressed. But, with the pro features of the s4e.io platform, individuals can easily and quickly learn about vulnerabilities in their digital assets. The platform proactively scans the website and informs the user about possible vulnerabilities and threats. Get started with s4e.io to identify and protect against possible security vulnerabilities.
REFERENCES
- https://github.com/osTicket/osTicket/releases/tag/v1.12.1
- https://github.com/osTicket/osTicket/releases/tag/v1.10.7
- https://github.com/osTicket/osTicket/commit/c3ba5b78261e07a883ad8fac28c214486c854e12
- http://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html
- exploit-db.com: 47226