Zero-Day Advisory

Fortinet Discovers Enhancesoft osTicket DOM Based Cross-Site Scripting

Summary

Fortinet's FortiGuard Labs has discovered an DOM Based Cross-Site Scripting vulnerability in osTc products.

osTicket is a widely-used open source support ticket system. It seamlessly integrates inquiries created via email, phone and web-based forms into a simple easy-to-use multi-user web interface. Manage, organize and archive all your support requests and responses in one place while providing your customers with accountability and responsiveness they deserve.

We discovered a osTicket product that are vulnerable to DOM Based Cross-Site Scripting vulnerability. The issue occurs when the attacker copy and paste the payload to the text form that could lead to javascript code injection. Attacker who successfully trigger the vulnerability could result in arbitrary javascript run..

Solutions

Users should upgrade the product to latest version

Timeline

Fortinet reported the vulnerability to osTicket on 06 February, 2020. 

osTicket confirmed the vulnerability on 07 February, 2020. 

D-Link released the fix on 02 May, 2020.

Acknowledgement

This vulnerability was discovered by Nguyen Thanh Nguyen of Fortinet's FortiGuard Labs.

IPS Subscription

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.