Reflected XSS in Organizations Search in osticket/osticket
Dec 6th 2022
In this specific case, that actually follows the same logic and impact of the CVE-2022-4271 previously reported in Reflected XSS in Username in osticket/osticket, by querying for any existing organization's name, such as the default one, namely "osTicket", on
scp/ajax.php/orgs/search and using the
Proof of Concept
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can perform any action within the application that the user can perform, view any information that the user is able to view, modify any information that the user is able to modify or initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.