Osticket · Osticket · CVE-2019-14749
**Name of the Vulnerable Software and Affected Versions**
osTicket versions prior to 1.10.7
osTicket versions 1.12.x prior to 1.12.1
**Description**
An issue exists in the spreadsheet export functionality of osTicket: CSV injection is possible because user input in the `Name` and `Internal Notes` fields of the Users tab, and in the `Issue Summary` field of the Tickets tab, is neither validated nor filtered. Agents can export this data as a .csv or .xls file, which is then opened in spreadsheet applications such as Excel or OpenOffice Calc, so the end user who opens the exported spreadsheet is the one affected. The vulnerability can be exploited by a remote attacker to execute arbitrary code.
**Recommendations**
For osTicket versions prior to 1.10.7, update to version 1.10.7 or later.
For osTicket versions 1.12.x prior to 1.12.1, update to version 1.12.1 or later.
As a temporary workaround, consider restricting access to the export spreadsheets functionality until the fixed version can be applied.
Avoid using the `Name`, `Internal Notes`, and `Issue Summary` fields in the affected tabs to minimize the risk of exploitation.
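The defensive side of the issue described above, as an added example that is not osTicket's own code: a small export routine that defuses formula triggers (`=`, `+`, `-`, `@`, tab, CR/LF) in user-supplied cells before writing CSV, while leaving genuine negative numbers intact. The ticket rows and the function names are constructed for illustration.

```python
import csv
import io

# Leading characters that Excel and OpenOffice Calc treat as the start of a
# formula, or that can start one after a field or line break.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r", "\n")


def is_formula_like(value: str) -> bool:
    """True if a text cell would be evaluated as a formula by a spreadsheet."""
    return value.startswith(FORMULA_TRIGGERS)


def _is_plain_number(value: str) -> bool:
    # A legitimately negative amount such as "-5.25" must stay numeric,
    # so only non-numeric text is neutralised.
    try:
        float(value)
        return True
    except ValueError:
        return False


def neutralize_cell(value) -> str:
    """Return the cell text with any formula trigger defused.

    Text starting with a trigger is prefixed with a single quote, which
    spreadsheet applications read as "literal string": the content stays
    visible to the reader but is never evaluated.
    """
    if value is None:
        return ""
    text = str(value)
    if isinstance(value, str) and is_formula_like(text) and not _is_plain_number(text):
        return "'" + text
    return text


def export_rows(header, rows) -> str:
    """Write a CSV export in which every cell passed through neutralize_cell."""
    buf = io.StringIO()
    # QUOTE_ALL also keeps embedded newlines (e.g. multi-line notes) inside one cell.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample rows (hypothetical tickets, not real osTicket data).
SAMPLE_ROWS = [
    (101, "Alice Example", "Printer offline"),
    (102, "=SUM(1,2)", "-5 minutes outage"),   # name field starts with "="
    (103, "Bob", "@support please call back"),
]
```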