CVE-2019-11537

moderate-risk
Published 2019-04-25

In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion.

Do I need to act?

~
5.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
46753
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Osticket

References (10)

Third Party Advisory https://github.com/osTicket/osTicket/pull/4869
Third Party Advisory https://github.com/osTicket/osTicket/releases/tag/v1.12
Exploit https://pentest.com.tr/exploits/osTicket-v1-11-XSS-to-LFI.html
Exploit https://www.exploit-db.com/exploits/46753
Exploit https://www.exploit-db.com/exploits/46753/
Third Party Advisory https://github.com/osTicket/osTicket/pull/4869
Third Party Advisory https://github.com/osTicket/osTicket/releases/tag/v1.12
Exploit https://pentest.com.tr/exploits/osTicket-v1-11-XSS-to-LFI.html
Exploit https://www.exploit-db.com/exploits/46753
Exploit https://www.exploit-db.com/exploits/46753/
43
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 15/34 · Moderate
Exposure 5/34 · Minimal