security: Fix Multiple XSS Vulnerabilities
It may be possible to steal or manipulate customer sessions and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user. Sanitization of hazardous characters was not performed correctly on user input. osTicket did not properly sanitize array values in `Format::htmlchars()`. Some values in the Admin Interface were not properly sanitized and returned to the response.
Showing 6 changed files:
- include/class.config.php (2 additions, 0 deletions)
- include/class.format.php (7 additions, 2 deletions)
- include/class.thread.php (1 addition, 1 deletion)
- include/staff/helptopic.inc.php (1 addition, 1 deletion)
- include/staff/tickets.inc.php (4 additions, 1 deletion)
- scp/forms.php (1 addition, 0 deletions)
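The array-handling defect the commit message describes in `Format::htmlchars()`, shown as an added PHP illustration that is not osTicket's code and does not reproduce its implementation: `htmlchars_scalar_only()` stands in for an escaper that only handles string input and passes arrays through untouched, `htmlchars_recursive()` for one that walks array keys and values so every string leaf is escaped before it reaches a template. Both function names and the sample submission are assumptions constructed for this example.

```php
<?php
// Added illustration, not osTicket's code. Contrast a scalar-only HTML
// escaper (the class of defect the commit message describes) with a
// recursive one that also covers values nested inside arrays.

// Hypothetical "before": only strings are escaped; an array is returned
// as-is, so any element later echoed into HTML is still live markup.
function htmlchars_scalar_only($var) {
    if (is_string($var))
        return htmlspecialchars($var, ENT_QUOTES | ENT_HTML5, 'UTF-8', false);
    return $var;
}

// Hypothetical "after": recurse into arrays, escaping string keys and
// string values, so the whole structure can be echoed into a template.
// Ints, floats, bools and null carry no markup and are returned unchanged.
function htmlchars_recursive($var) {
    if (is_array($var)) {
        $out = array();
        foreach ($var as $k => $v)
            $out[htmlchars_recursive($k)] = htmlchars_recursive($v);
        return $out;
    }
    if (is_string($var))
        return htmlspecialchars($var, ENT_QUOTES | ENT_HTML5, 'UTF-8', false);
    return $var;
}

// Constructed sample input shaped like a form submission: a nested array
// of field values, one of which carries an injected script tag.
$input = array(
    'topic'  => 'Billing',
    'fields' => array(
        'name' => 'Alice',
        'note' => '<script>alert(1)</script>',
    ),
);

$unsafe = htmlchars_scalar_only($input);
$safe   = htmlchars_recursive($input);

// Scalar-only: the nested value is returned with its markup intact.
var_dump($unsafe['fields']['note'] === '<script>alert(1)</script>');
// Recursive: the nested value is neutralised before it can reach a template.
var_dump($safe['fields']['note'] === '&lt;script&gt;alert(1)&lt;/script&gt;');
```

The first comparison is true for the scalar-only escaper and the second for the recursive one, which is the point of the example: a caller that trusts the return value of the escaper and echoes it, including any array element, is only safe when the escaper is total over the types it accepts. The check a reviewer would want on the real fix is that every template site which received an array from `Format::htmlchars()` now receives escaped leaves, and that no template re-escapes them (the `false` double-encode argument above only avoids mangling entities that were already escaped upstream).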