XSS Stored in Caption Image in osticket/osticket
Mar 10th 2023
Hello team, I found a stored XSS in the caption field, as demonstrated in the GIF below.
Proof of Concept
As a result, this allows an attacker to steal a user's session, take over the user's account, and redirect the user to an attacker-controlled site.