Reflected XSS on ticket filter function in polonel/trudesk

Valid

Reported on

May 6th 2022


Description

The ticket management filter in Trudesk v1.2.0 allows a user to perform XSS due to improper validation of filter attributes such as "status", "ticket type", "assignee", etc.

Proof of Concept

  1. Log in to Trudesk with user-role privileges
  2. Tickets -> Filter ticket
  3. Filter by ticket status (PoC on the status attribute)
  4. Insert the payload in the filter result

Endpoint

  1. http://{IP}/tickets/filter/

Payload used

  1. "><img src=a onerror=alert(document.domain)>

Screenshot POC

  1. ticket filter
  2. xss domain
  3. xss cookie

Impact

This vulnerability allows malicious JavaScript code to be executed in the web page.
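
The class of bug described in this report, shown as an added example that is not Trudesk's code and not the content of the fix commit: a filter value copied into an HTML attribute as-is, next to a version that allow-lists the value and encodes it on output. The function names, the allowed status ids and the free-text "subject" filter are assumptions made for illustration.

```javascript
// Hypothetical filter handling; every name and allowed value here is an assumption.
const ALLOWED_STATUS = new Set(['0', '1', '2', '3']); // constructed sample status ids

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Before: the query value lands inside the attribute unchanged, so a value
// starting with "> closes the attribute and the tag.
function renderStatusUnsafe(query) {
  return `<input name="status" value="${query.status || ''}">`;
}

// After, step 1: accept a single value or an array, keep only known ids.
function parseStatusFilter(query) {
  const raw = query.status === undefined ? [] : [].concat(query.status);
  return raw.map(String).filter((v) => ALLOWED_STATUS.has(v));
}

// After, step 2: encode on output even though the value was validated.
function renderStatusSafe(query) {
  return parseStatusFilter(query)
    .map((v) => `<input name="status" value="${escapeHtml(v)}">`)
    .join('');
}

// A free-text filter (hypothetical "subject") cannot be allow-listed,
// so output encoding is the control that holds.
function renderSubjectSafe(query) {
  const subject = typeof query.subject === 'string' ? query.subject : '';
  return `<input name="subject" value="${escapeHtml(subject)}">`;
}

// Constructed input: the payload quoted in this report.
const payload = '"><img src=a onerror=alert(document.domain)>';
console.log(renderStatusUnsafe({ status: payload }));
console.log(renderStatusSafe({ status: ['1', payload] }));
console.log(renderSubjectSafe({ subject: payload }));
```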

We are processing your report and will contact the polonel/trudesk team within 24 hours. a year ago
din modified the report
a year ago
We have contacted a member of the polonel/trudesk team and are waiting to hear back a year ago
We have sent a follow up to the polonel/trudesk team. We will try again in 7 days. a year ago
din
a year ago

Researcher


Hi team, any update on this report?

polonel/trudesk maintainer has acknowledged this report a year ago
Chris assigned a CVE to this report a year ago
Chris validated this vulnerability a year ago
din has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Chris marked this as fixed in 1.2.2 with commit 36a542 a year ago
Chris has been awarded the fix bounty
This vulnerability will not receive a CVE
tickets.js#L217-L261 has been validated
din
a year ago

Researcher


Thanks for validating this
