CVE-2020-23647

Name of the Vulnerable Software and Affected Versions BoxBilling versions 4.19 through 4.21

Description A Cross Site Scripting (XSS) issue allows remote attackers to run arbitrary code via the message field on the submit new ticket form. This enables attackers to execute malicious scripts, potentially leading to unauthorized actions on the affected system.

Recommendations For BoxBilling versions 4.19 through 4.21, consider disabling the submit new ticket form or restricting access to it until a patch is available. Additionally, avoid using the message field in the submit new ticket form to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.