    security: Fix Multiple XSS Vulnerabilities · a3d896c8
    JediKev authored
    It may be possible to steal or manipulate customer session and cookies,
    which might be used to impersonate a legitimate user, allowing the hacker to
    view or alter user records, and to perform transactions as that user.
    Sanitation of hazardous characters was not performed correctly on user
    input.
    
    osTicket did not properly sanitize array values in `Format::htmlchars()`.
    Some values in the Admin Interface were not properly sanitized and returned
    to the response.
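
The failure class named in the commit message is an HTML-escaping helper that handles strings but not array input. The PHP below is an added example, not code from osTicket or from this commit; the function name `escape_html_deep()`, the depth limit and the sample input are hypothetical.

```php
<?php
// Illustrative helper, NOT osTicket's Format::htmlchars().
// escape_html_deep() is a hypothetical name used only for this example.
function escape_html_deep($value, int $depth = 0)
{
    // Bound recursion so deeply nested request data cannot exhaust the stack.
    if ($depth > 32) {
        throw new InvalidArgumentException('input nested too deeply');
    }
    if (is_array($value)) {
        $out = [];
        foreach ($value as $key => $item) {
            // Keys of request arrays (field[<key>]=...) are user-controlled too.
            $safeKey = is_string($key)
                ? htmlspecialchars($key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                : $key;
            // Recurse: an escaper that only handles the top level leaves
            // nested values raw when they are later echoed into a page.
            $out[$safeKey] = escape_html_deep($item, $depth + 1);
        }
        return $out;
    }
    if (is_string($value)) {
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    // Non-string, non-array values (int, float, bool, null) are returned as-is.
    return $value;
}

// Constructed sample input shaped like a form field submitted as an array.
$input = [
    'name' => 'Alice',
    'tags' => ['<b>vip</b>', ['note' => '"quoted" & \'single\'']],
    '<i>key</i>' => 7,
];
$safe = escape_html_deep($input);

assert($safe['tags'][0] === '&lt;b&gt;vip&lt;/b&gt;');
assert($safe['tags'][1]['note'] === '&quot;quoted&quot; &amp; &#039;single&#039;');
assert(array_key_exists('&lt;i&gt;key&lt;/i&gt;', $safe));
var_export($safe);
```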