CVE-2019-14750

Name of the Vulnerable Software and Affected Versions osTicket versions prior to 1.10.7 osTicket versions 1.12.x prior to 1.12.1

Description The issue is related to a lack of input sanitization in the firstname and lastname fields, allowing for stored XSS attacks. This can lead to the execution of malicious queries, potentially resulting in cookie stealing or other malicious actions. The vulnerability can be exploited by a remote attacker to perform cross-site scripting attacks.

Recommendations For osTicket versions prior to 1.10.7, update to version 1.10.7 or later. For osTicket versions 1.12.x prior to 1.12.1, update to version 1.12.1 or later. As a temporary workaround, consider restricting access to the setup/install.php page to minimize the risk of exploitation. Avoid using the firstname and lastname fields in the application until the issue is resolved.