When using the edit ticket button on the ticket view page, the message field contains XSS and script code #597
Labels
1.1.0 Version: This is related to version 1.1.0 uvdesk
1.1.1 Version: This is related to version 1.1.1 uvdesk
1.2.0 Version
Bug: Something isn't working
Ticket: Regarding Tickets issues
XSS Stored: Regarding any security issue with XSS stored payload
Description
When using the edit ticket button on the ticket view page, the message field contains XSS code
How to reproduce
Step 1: Go to the admin panel and click on tickets
Step 2: Now click on the edit ticket option and use these code scripts:
1. <script type = "text/javascript">
function fun() {
alert ("This is an alert dialog box");
}
</script>
After updating the ticket, the script code is not shown as text:
2. <b onmouseover=alert('Uvdesk!')>click me!
After update:
Hovering over or clicking on this shows an alert box:
3. ">
After update, an alert box is shown:
Possible Solution
If we use any script code, all content should be shown like this:
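Added example, not part of the original issue and not uvdesk's own code: one way to get the behaviour asked for under Possible Solution, where the stored message is HTML-encoded at output time so the reported payloads display as text. The function names and wrapper markup are assumptions, and the message is treated as plain text.

```javascript
// Payloads as they appear in the report (the third is only partly shown there).
const REPORTED_PAYLOADS = [
  '<script type = "text/javascript">\nfunction fun() {\nalert ("This is an alert dialog box");\n}\n</script>',
  "<b onmouseover=alert('Uvdesk!')>click me!",
  '">',
];

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, close an attribute or start an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical "before": the stored message is concatenated into the page unchanged.
function renderMessageUnsafe(message) {
  return '<div class="message">' + message + '</div>';
}

// Hypothetical "after": same markup, message encoded at output time.
function renderMessageSafe(message) {
  return '<div class="message">' + escapeHtml(message) + '</div>';
}

// The same encoding is needed when the edit form pre-fills the field from storage.
function renderEditFieldSafe(message) {
  return '<input name="message" value="' + escapeHtml(message) + '">';
}

// Regression check: true if anything between the wrapper's open and close
// still contains a raw tag or attribute delimiter.
function hasInjectedMarkup(html, wrapperOpen, wrapperClose) {
  const inner = html.slice(wrapperOpen.length, html.length - wrapperClose.length);
  return /[<>"]/.test(inner);
}

for (const payload of REPORTED_PAYLOADS) {
  console.log(renderMessageSafe(payload));
}
```

If the message field has to keep rich-text formatting, plain encoding is not enough and an allowlist HTML sanitizer is needed instead.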