Reflected XSS on ticket filter function in polonel/trudesk
Valid
Reported on May 6th 2022
Description
The ticket management filter in Trudesk v1.2.0 allows a user to perform XSS due to improper validation of filter attributes such as "status", "ticket type", "assignee", etc.
Proof of Concept
- Log in to Trudesk with user-role privileges
- Tickets -> Filter ticket
- Filter by ticket status (the PoC uses the status attribute)
- Insert the payload in the filter result
Endpoint
- http://{IP}/tickets/filter/
Payload used
- "><img src=a onerror=alert(document.domain)>
Impact
This vulnerability allows malicious JavaScript code to be executed in the web page.
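The payload above begins with `">`, which indicates the filter value is reflected inside a quoted HTML attribute. The following is an added example, not Trudesk's code or its fix: it shows that reflection pattern beside an output-encoded version and an allow-list check. The function names, the `<input>` markup and the status values are hypothetical.

```javascript
// Added illustration; not Trudesk source code. Function names, the <input>
// markup and the status allow-list are hypothetical.
const PAYLOAD = '"><img src=a onerror=alert(document.domain)>'; // payload from the report

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the filter value is concatenated into a quoted attribute,
// so a leading "> closes the attribute and the tag.
function renderFilterUnsafe(name, value) {
  return `<input name="${name}" value="${value}">`;
}

// Hardened pattern: the same template with output encoding applied.
function renderFilterSafe(name, value) {
  return `<input name="${escapeHtml(name)}" value="${escapeHtml(value)}">`;
}

// Input validation as a second layer: a field with a closed set of values is
// reduced to an allow-list. Query parsers may hand over a string or an array,
// so both shapes are accepted and non-string members are dropped.
const ALLOWED_STATUS = new Set(['open', 'pending', 'closed']); // constructed values

function normalizeStatusFilter(raw) {
  const items = Array.isArray(raw) ? raw : [raw];
  return items.filter((v) => typeof v === 'string' && ALLOWED_STATUS.has(v));
}

// Regression check: a correctly encoded field renders exactly one tag.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

console.log(renderFilterUnsafe('status', PAYLOAD), countTags(renderFilterUnsafe('status', PAYLOAD)));
console.log(renderFilterSafe('status', PAYLOAD), countTags(renderFilterSafe('status', PAYLOAD)));
console.log(normalizeStatusFilter(['open', PAYLOAD]));
```
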
Occurrences
We are processing your report and will contact the polonel/trudesk team within 24 hours.
22 days ago
din modified the report
22 days ago
We have contacted a member of the polonel/trudesk team and are waiting to hear back
21 days ago
We have sent a follow up to the polonel/trudesk team. We will try again in 7 days.
18 days ago
The researcher's credibility has increased: +7
Chris Brame has been awarded the fix bounty
tickets.js#L217-L261 has been validated