CVE-2026-2545

CVSS v2.0

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions LigeroSmart versions up to 6.1.26

Description A flaw exists in LigeroSmart that allows for cross site scripting. The issue is related to the manipulation of the

Profile

argument within the

/otrs/index.pl?Action=AgentTicketSearch

API endpoint. The exploit has been publicly released and could be used for attacks. The project was notified of the issue but has not yet responded.

Recommendations Versions prior to 6.1.26 should be updated.

Exploit

Fix

Code Injection

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

CVE-2026-2545

Ligerosmart