Cross-site Scripting (XSS) - Stored in polonel/trudesk
Jun 14th 2021
Stored XSS using ticket content in markdown
💥 STEPS TO REPRODUCE
1. First, go to http://localhost:8118/settings/general from the admin account and grab your ticketing URL.
2. Now, as an external user, open the above ticketing URL and create a new ticket. During creation, put the XSS payload below in as the ticket content.
3. Now go to the admin account, view the above ticket, click the link, and see that the XSS is executed.
Thus an attacker can read all of the victim's ticket details or perform other operations.
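
A mitigation sketch for the behaviour described above, added here as an example; it is not trudesk's code or the project's actual fix. The report does not show the payload, so the example assumes the clickable link in the rendered ticket carries a script-bearing URL scheme; `safeHref`, `renderLink` and the sample links are hypothetical and constructed.

```javascript
// Added example: scheme allowlist for links produced from ticket markdown.
// Intended to run inside the markdown renderer's link hook, on the decoded href value.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Return a safe href, or null if the link must not be rendered as clickable.
function safeHref(raw) {
  if (typeof raw !== 'string') return null;
  // Browsers drop tab/CR/LF inside URLs and ignore leading control characters
  // and spaces, so normalise the same way before inspecting the scheme.
  const cleaned = raw.replace(/[\t\r\n]/g, '').replace(/^[\u0000-\u0020]+/, '');
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  if (!m) {
    // No scheme: treat as relative, but reject protocol-relative forms (//host, \\host).
    return /^[\/\\]{2}/.test(cleaned) ? null : cleaned;
  }
  return ALLOWED_SCHEMES.has(m[0].toLowerCase()) ? cleaned : null;
}

// Escape text for use in HTML element content and quoted attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Render one markdown link; a rejected href degrades to plain escaped text.
function renderLink(text, href) {
  const safe = safeHref(href);
  if (safe === null) return escapeHtml(text);
  return `<a href="${escapeHtml(safe)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Constructed sample links, as a ticket body might contain them.
const samples = [
  ['docs', 'https://example.com/help'],
  ['ticket', '/tickets/1001'],
  ['click me', 'javascript:alert(1)'],
  ['click me', ' \tJaVa\nScRiPt:alert(1)'],
  ['click me', 'data:text/html,x'],
];
for (const [text, href] of samples) {
  console.log(JSON.stringify(href), '=>', renderLink(text, href));
}
```

Output escaping matters as much as the scheme check: an href that still contains HTML entities is written with `&` escaped, so the browser cannot decode it back into a blocked scheme.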