Reflected XSS on ticket filter function in polonel/trudesk

Valid

Reported on

May 6th 2022


Description

The ticket management filter in Trudesk v1.2.0 allows a user to perform XSS due to improper validation of filter attributes such as "status", "ticket type", "assignee", etc. The filter value is reflected into the page without HTML encoding.

Proof of Concept

  1. Log in to Trudesk with a user-role account
  2. Tickets -> Filter ticket
  3. Filter by ticket status (the PoC uses the "status" attribute)
  4. Insert the payload into the filter value and view the filter result

Endpoint

  1. http://{IP}/tickets/filter/

Payload used

  1. "><img src=a onerror=alert(document.domain)>

Screenshot POC

  1. ticket filter
  2. xss domain
  3. xss cookie

Impact

This vulnerability allows malicious JavaScript to execute in the web page in the context of the user who opens the crafted filter.
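To illustrate the defect class the description names (a filter value reflected into the page without encoding) and the two fixes a maintainer would normally apply, here is an added JavaScript example. It is not Trudesk's code: the rendering function, the `KNOWN_STATUSES` list and the filter object shape are assumptions made for the example; the payload is the one quoted in this report.

```javascript
// Added example, not Trudesk's own code. It models a ticket-filter summary
// being rendered into HTML and shows the unsafe pattern beside two fixes.

// Constructed list of valid ticket statuses (assumption for the example).
const KNOWN_STATUSES = ['new', 'open', 'pending', 'closed'];

// Encode the five characters that let a string break out of HTML text or a
// quoted attribute. This is the minimal encoding for values placed inside
// element content or double-quoted attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// UNSAFE: the filter value is concatenated straight into markup, so a value
// like the report's payload closes the attribute and injects an element.
function renderFilterSummaryUnsafe(filter) {
  return '<span class="filter" data-status="' + filter.status + '">' +
         'Status: ' + filter.status + '</span>';
}

// FIX 1 (output encoding): every reflected value is encoded for the HTML
// context it lands in. The browser now shows the payload as literal text.
function renderFilterSummary(filter) {
  const status = escapeHtml(filter.status);
  return '<span class="filter" data-status="' + status + '">' +
         'Status: ' + status + '</span>';
}

// FIX 2 (input validation): the server checks filter values against an
// allowlist before using them. Unknown values are rejected, not sanitized,
// so the page only ever renders identifiers the application defined.
function validateStatusFilter(raw) {
  const values = Array.isArray(raw) ? raw : [raw];
  const invalid = values.filter(v => !KNOWN_STATUSES.includes(String(v)));
  if (invalid.length > 0) {
    return { ok: false, error: 'unknown status value(s): ' + invalid.join(', ') };
  }
  return { ok: true, status: values.map(String) };
}

// Payload quoted in the report, used here as the sample input.
const PAYLOAD = '"><img src=a onerror=alert(document.domain)>';

console.log('unsafe :', renderFilterSummaryUnsafe({ status: PAYLOAD }));
console.log('encoded:', renderFilterSummary({ status: PAYLOAD }));
console.log('validate payload:', validateStatusFilter(PAYLOAD));
console.log('validate known  :', validateStatusFilter(['open', 'pending']));
```

Both fixes are worth applying together: encoding protects every place the value is rendered, and the allowlist keeps unexpected input out of the query layer as well as the page.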

We are processing your report and will contact the polonel/trudesk team within 24 hours. 22 days ago
din modified the report
22 days ago
din modified the report
22 days ago
din modified the report
22 days ago
din modified the report
22 days ago
We have contacted a member of the polonel/trudesk team and are waiting to hear back 21 days ago
We have sent a follow up to the polonel/trudesk team. We will try again in 7 days. 18 days ago
din
16 days ago

Researcher


Hi team, any update on this report?

polonel/trudesk maintainer has acknowledged this report 16 days ago
Chris Brame assigned a CVE to this report 13 days ago
Chris Brame validated this vulnerability 13 days ago
din has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Chris Brame confirmed that a fix has been merged on 36a542 13 days ago
Chris Brame has been awarded the fix bounty
tickets.js#L217-L261 has been validated
din
13 days ago

Researcher


Thanks for validating this
