Unrestricted Upload of File with Dangerous Type in polonel/trudesk

Valid

Reported on

Jun 20th 2021


✍️ Description

trudesk is vulnerable to arbitrary file upload. The application allows uploading files of dangerous types, such as text/html. Consequently, it is possible to exploit XSS.

🕵️‍♂️ Proof of Concept

  1. Create a ticket.
  2. Open the ticket you created and upload an HTML file that contains <img src onerror=alert(document.domain)>.
  3. Access the uploaded HTML file.

PoC video.

💥 Impact

JavaScript code execution.
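A defender-side check for the upload described above, as an added example that is not trudesk's own code: an extension allowlist with magic-byte confirmation, plus the headers a stored attachment should be served with so it is downloaded rather than rendered (the function names validateUpload and attachmentHeaders are assumptions).

```javascript
// Added example (not trudesk's own code): allowlist check for ticket attachments
// plus the response headers that keep a stored file from rendering as a page.
const ALLOWED = { // extension -> the fixed MIME type it is served as; text/html is absent
  '.png': 'image/png', '.jpg': 'image/jpeg', '.jpeg': 'image/jpeg',
  '.gif': 'image/gif', '.pdf': 'application/pdf', '.zip': 'application/zip',
  '.txt': 'text/plain',
};
// Leading bytes from the public format specs; catches an HTML payload renamed to .png.
const MAGIC = {
  '.png': [0x89, 0x50, 0x4e, 0x47], '.jpg': [0xff, 0xd8, 0xff], '.jpeg': [0xff, 0xd8, 0xff],
  '.gif': [0x47, 0x49, 0x46, 0x38], '.pdf': [0x25, 0x50, 0x44, 0x46],
  '.zip': [0x50, 0x4b, 0x03, 0x04],
};
// Tags a browser would act on if it ever sniffed a "text" attachment as HTML.
const MARKUP = /<\s*(script|img|svg|iframe|html|body|object|embed)\b/i;

function extensionOf(name) {
  const dot = name.lastIndexOf('.');
  return dot < 0 ? '' : name.slice(dot).toLowerCase();
}

// Validate one upload; bytes is a Buffer of the file content.
// Returns { ok: true, ext, mime } or { ok: false, reason }.
function validateUpload(originalName, bytes) {
  const ext = extensionOf(originalName);
  const mime = ALLOWED[ext];
  if (!mime) return { ok: false, reason: 'extension not allowed: ' + (ext || '(none)') };
  const magic = MAGIC[ext];
  if (magic && !magic.every((b, i) => bytes[i] === b)) {
    return { ok: false, reason: 'content does not look like ' + ext };
  }
  if (ext === '.txt' && MARKUP.test(bytes.toString('utf8', 0, 4096))) {
    return { ok: false, reason: 'markup inside text attachment' };
  }
  return { ok: true, ext, mime };
}

// Headers for serving a stored attachment: type fixed from the allowlist, no sniffing,
// delivered as a download rather than inline, and script blocked even if rendered.
function attachmentHeaders(ext, mime) {
  return {
    'Content-Type': mime,
    'X-Content-Type-Options': 'nosniff',
    'Content-Disposition': 'attachment; filename="attachment' + ext + '"',
    'Content-Security-Policy': "default-src 'none'; sandbox",
  };
}
```

The same check belongs on every upload path (ticket create and ticket comment), and the headers on the route that serves stored attachments, since the bypass in this report is simply a file type the server never refused.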

We have contacted a member of the polonel/trudesk team and are waiting to hear back 2 years ago
Chris validated this vulnerability 2 years ago
Renan Rocha has been awarded the disclosure bounty
The fix bounty is now up for grabs
Chris marked this as fixed with commit 25c5ae 2 years ago
Chris has been awarded the fix bounty
This vulnerability will not receive a CVE