PT-2026-3364 · Unknown · Ligerosmart
Chor4O · Published 2026-01-17 · Updated 2026-01-17 · CVE-2026-1048
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
LigeroSmart versions through 6.1.26
Description
A cross-site scripting issue exists in LigeroSmart. The manipulation of the TicketID argument in the /otrs/index.pl?Action=AgentTicketZoom endpoint can trigger this issue. The exploit is publicly available and could be used for remote attacks. The project has been informed but has not yet responded.
Recommendations
Versions prior to 6.1.26 should be updated. As a temporary workaround, consider restricting access to the /otrs/index.pl?Action=AgentTicketZoom endpoint until a patch is available.
Exploit
Fix
XSS
Code Injection
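A defensive check to run while the endpoint is unpatched, added here as an example and not taken from the advisory or from LigeroSmart: it scans web-server access logs for AgentTicketZoom requests whose TicketID is not a plain integer. The log lines are constructed, and the assumptions are that legitimate TicketID values are numeric and that the server writes Apache combined-format logs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - agent1 [17/Jan/2026:10:01:02 +0000] "GET /otrs/index.pl?Action=AgentTicketZoom;TicketID=4211 HTTP/1.1" 200 18342 "-" "Mozilla/5.0"
192.0.2.11 - agent2 [17/Jan/2026:10:03:40 +0000] "GET /otrs/index.pl?Action=AgentTicketZoom&TicketID=12%3Cx%3E HTTP/1.1" 200 18410 "-" "Mozilla/5.0"
192.0.2.12 - agent3 [17/Jan/2026:10:05:11 +0000] "GET /otrs/index.pl?Action=AgentTicketQueue HTTP/1.1" 200 9921 "-" "Mozilla/5.0"
192.0.2.13 - agent4 [17/Jan/2026:10:06:59 +0000] "GET /otrs/index.pl?TicketID=abc;Action=AgentTicketZoom HTTP/1.1" 200 18200 "-" "Mozilla/5.0"
"""

# client, identd, user, [timestamp], "METHOD target PROTOCOL"
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"'
)
NUMERIC_ID = re.compile(r"[0-9]+")  # assumption: valid TicketID is ASCII digits only


def suspicious_zoom_requests(log_text):
    """Return (client_ip, user, decoded TicketID) for every AgentTicketZoom
    request whose TicketID is not a plain integer.

    Only query-string parameters are inspected; POST bodies are not present
    in access logs and need a WAF or application-level check instead.
    """
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/index.pl"):
            continue
        # OTRS-style URLs separate parameters with ';' as well as '&'.
        params = parse_qs(url.query.replace(";", "&"), keep_blank_values=True)
        if "AgentTicketZoom" not in params.get("Action", []):
            continue
        for value in params.get("TicketID", []):  # parse_qs percent-decodes
            if not NUMERIC_ID.fullmatch(value):
                findings.append((m.group("ip"), m.group("user"), value))
    return findings


if __name__ == "__main__":
    for ip, user, value in suspicious_zoom_requests(SAMPLE_LOG):
        print(f"{ip} user={user} non-numeric TicketID={value!r}")
```

The same digits-only rule can be enforced at a reverse proxy in front of the application as part of the temporary access restriction.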
Related identifiers
Affected products
Ligerosmart