/plushcap/analysis/sonar/pitfalls-of-desanitization-leaking-customer-data-from-osticket

Pitfalls of Desanitization: Leaking Customer Data from osTicket

What's this blog post about?

Researchers have identified a dangerous coding pattern called Desanitization that can lead to numerous impactful XSS vulnerabilities in prominent software. This pattern involves potentially harmful user input being sanitized and then altered afterward, negating the sanitization process and making the input dangerous again. An example of this is a Cross-Site Scripting (XSS) vulnerability found in osTicket, an open-source helpdesk software used by companies to provide solutions to customers seeking help. The issue has been fixed in osTicket versions v1.18.1 and v1.17.5.

Company
Sonar

Date published
Feb. 6, 2024

Author(s)
Oskar Zeino-Mahmalat

Word count
1991

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.