Stored XSS - Entity name not sanitized in Ticket creation page in glpi-project/glpi
Oct 26th 2022
An administrator can set a Cross-Site Scripting (XSS) payload inside an entity name. The payload is stored and then executed on the Ticket Creation page (Menu -> Assistance -> Create Ticket).
Proof of Concept
1. Set an XSS payload in the Entity name
2. Go to the "Create Ticket" page
3. The XSS is executed
XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise. The most severe XSS attacks involve disclosure of the user’s session cookie, allowing an attacker to hijack the user’s session and take over the account. Other damaging attacks include the disclosure of end user files, installation of Trojan horse programs, redirecting the user to some other page or site, or modifying presentation of content. An XSS vulnerability allowing an attacker to modify a press release or news item could affect a company’s stock price or lessen consumer confidence. An XSS vulnerability on a pharmaceutical site could allow an attacker to modify dosage information resulting in an overdose.
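The underlying pattern is a stored name written into HTML without output encoding. The following PHP sketch is an added example, not GLPI's code or its fix: it shows the unencoded rendering next to a context-encoded one, plus a small audit pass over stored names. The function names and the sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not GLPI code. All names and data here are hypothetical.

/** Vulnerable pattern: the stored name is concatenated into HTML as-is. */
function render_entity_label_unsafe(string $name): string
{
    return '<span class="entity-name">' . $name . '</span>';
}

/** Hardened pattern: encode for the HTML context at output time. */
function render_entity_label(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<span class="entity-name">' . $encoded . '</span>';
}

/** Audit helper: return the stored names that contain markup characters. */
function find_suspect_entity_names(array $entities): array
{
    $suspect = [];
    foreach ($entities as $id => $name) {
        // Decode first so names stored in entity-encoded form are also caught.
        $decoded = html_entity_decode($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        // Angle brackets only; widen the class if names are used in attributes.
        if (preg_match('/[<>]/', $decoded) === 1) {
            $suspect[$id] = $name;
        }
    }
    return $suspect;
}

// Constructed sample rows (id => name) standing in for stored entity names.
$entities = [
    0 => 'Root entity',
    1 => 'Support <i>EMEA</i>',
    2 => 'Branch &lt;b&gt;North&lt;/b&gt;',
];

foreach ($entities as $id => $name) {
    // Markup in the name is shown as literal text, never parsed as HTML.
    echo render_entity_label($name), PHP_EOL;
}

// Rows 1 and 2 are reported for review; row 0 is clean.
print_r(find_suspect_entity_names($entities));
```

Encoding at output time protects every page that displays the name, including ones added later, while the audit pass helps find values that were stored before a fix was deployed.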