Pitfalls of Desanitization: Leaking Customer Data from osTicket
Researchers at Sonar have described a dangerous coding pattern they call desanitization, which has led to several impactful Cross-Site Scripting (XSS) vulnerabilities in prominent software. The pattern occurs when potentially harmful user input is sanitized and then transformed afterward (for example, decoded, truncated or otherwise altered) so that the later step undoes the sanitization and makes the input dangerous again. The practical lesson is that sanitization or output encoding has to be the last operation applied before data reaches a sensitive sink, not an intermediate one. One example is an XSS vulnerability found in osTicket, an open-source helpdesk application that companies use to handle customer support requests, which could be abused to leak customer data. The issue has been fixed in osTicket versions v1.18.1 and v1.17.5.
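The following is an added illustration of the desanitization pattern in general, not code from the Sonar post or from osTicket. It shows two hypothetical pipelines: in the first, a value is HTML-encoded and then decoded again before being concatenated into HTML; in the second, a blocklist sanitizer runs before a comment-stripping step that re-assembles the blocked tag. Both payloads are constructed for the example, and all function names are invented.

```python
import html
import re

# Constructed sample inputs (not from the Sonar post): attacker-controlled ticket fields.
PAYLOAD_DECODE = '<img src=x onerror=alert(1)>'
PAYLOAD_COMMENT = '<scr<!---->ipt>alert(1)</script>'


def sanitize(value: str) -> str:
    """Step 1: HTML-encode so the value is inert inside an HTML text node or attribute."""
    return html.escape(value, quote=True)


def render_vulnerable_decode(value: str) -> str:
    """Desanitization, variant 1: the value is encoded, then a later
    'normalisation' step decodes entities before the HTML sink, undoing the encoding."""
    safe = sanitize(value)
    display = html.unescape(safe)  # hypothetical later step that reverses the encoding
    return f"<td>{display}</td>"


def render_fixed_decode(value: str) -> str:
    """Fix: any normalisation happens on the raw value, and encoding is applied last."""
    display = html.unescape(value)
    return f"<td>{sanitize(display)}</td>"


def strip_script_tags(value: str) -> str:
    """A blocklist-style sanitizer that removes <script ...>...</script> blocks.
    Blocklists are weak by design; this one exists only to show the ordering problem."""
    return re.sub(r'(?is)<script\b[^>]*>.*?</script>', '', value)


def remove_html_comments(value: str) -> str:
    """A hypothetical post-processing step that strips HTML comments."""
    return re.sub(r'(?s)<!--.*?-->', '', value)


def render_vulnerable_comment(value: str) -> str:
    """Desanitization, variant 2: the sanitizer never sees a <script> tag because a
    comment splits it; the comment stripper that runs afterwards joins the pieces."""
    return remove_html_comments(strip_script_tags(value))


def render_fixed_comment(value: str) -> str:
    """Fix: do all transformations first, then sanitize as the final step."""
    return strip_script_tags(remove_html_comments(value))


def is_executable_html(fragment: str) -> bool:
    """Crude oracle for the example: a raw tag carrying an on* event handler,
    or a raw <script> tag, survived into the output."""
    return (re.search(r'<\w+[^>]*\son\w+\s*=', fragment) is not None
            or re.search(r'(?i)<script\b', fragment) is not None)


if __name__ == "__main__":
    for name, fn, payload in [
        ("decode: vulnerable", render_vulnerable_decode, PAYLOAD_DECODE),
        ("decode: fixed", render_fixed_decode, PAYLOAD_DECODE),
        ("comment: vulnerable", render_vulnerable_comment, PAYLOAD_COMMENT),
        ("comment: fixed", render_fixed_comment, PAYLOAD_COMMENT),
    ]:
        out = fn(payload)
        print(f"{name:20} executable={is_executable_html(out)!s:5} {out!r}")
```

The ordering is the whole point: each individual step in the vulnerable pipelines is reasonable on its own, and only the fact that a transformation runs after the sanitizer makes the output exploitable. When reviewing code, follow every value from its sanitizer to its sink and flag any decode, replace, truncate or strip operation in between.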
Company
Sonar
Date published
Feb. 6, 2024
Author(s)
Oskar Zeino-Mahmalat
Word count
1991
Language
English