Trudesk version 1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the tickets `Create/Modify Ticket Tags` on admin role.# Trudesk version 1.2.6
### Vulnerability Explanation:
Trudesk version 1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the tickets `Create/Modify Ticket Tags` on admin role.
### Attack Vectors:
The attacker must go to Settings menu, select tickets and then scroll down to find Ticket Tags. Click at `CREATE` and insert the XSS payload at the `Add Tags` input, `Create Tag` in order to exploit the stored XSS. The XSS payload will be launched immediately after save.
### Affected:
- http://[IP]:8118/settings/tickets
- POST
- /api/v1/tags/create
- Parameter : tag
### Payload :
- <iframe src="javascript:alert('Hello XSS by BYPAZS!')">
### Tested on:
1. Trudesk version 1.2.6 (https://github.com/polonel/trudesk/releases/tag/v1.2.6)
2. Google Chrome Version 109.0.5414.119 (Official Build) (x86_64)
### Steps to attack:
1. Enter your username and password; the account must have admin privileges.
2. Select Settings menu, select Tickets and then scroll down to find Ticket Tags.
3. Click at CREATE and enter the XSS payload at the Add Tags input, Create Tag
4. The XSS payload will run immediately.
### Discoverer:
:shipit: Thapanarath Khempetch
### Disclosure Timeline:
- 2023–02–15: Vulnerability discovered.
- 2023–02–15: Vulnerability reported to the MITRE corporation.
- 202X–XX–XX: CVE has been reserved.
- 202X–XX–XX: Public disclosure of the vulnerability.
Reference:
1.
2.
3. https://github.com/polonel/trudesk/releases/tag/v1.2.6
4. https://trudesk.io/
Log in to view the POC file snapshot cached by Shenlong Bot
Log in to view