Pitfalls of Desanitization: Leaking Customer Data from osTicket
Researchers have identified a dangerous coding pattern called Desanitization that can lead to numerous impactful XSS vulnerabilities in prominent software. This pattern involves potentially harmful user input being sanitized and then altered afterward, negating the sanitization process and making the input dangerous again. An example of this is a Cross-Site Scripting (XSS) vulnerability found in osTicket, an open-source helpdesk software used by companies to provide solutions to customers seeking help. The issue has been fixed in osTicket versions v1.18.1 and v1.17.5.
Company
Sonar
Date published
Feb. 6, 2024
Author(s)
Oskar Zeino-Mahmalat
Word count
1991
Language
English
Hacker News points
None found.