Mastodawn

Sonar Research Feb 7, 2024

What do vulnerabilities in WordPress, Proton Mail, and Zimbra have in common? 🤔
Learn how the common Desanitization code pattern leads to serious issues with a vulnerability we found in osTicket:
https://www.sonarsource.com/blog/pitfalls-of-desanitization-leaking-customer-data-from-osticket?utm_medium=social&utm_source=mastodon&utm_campaign=research&utm_content=blog-pitfalls-of-desanitization-leaking-customer-data-from-osticket-240206-&utm_term
(CVE-2023-46967)
#desanitization #osTicket #vulnerability

Pitfalls of Desanitization: Leaking Customer Data from osTicket

The dangerous Desanitization pattern led to an XSS vulnerability in the open-source helpdesk software osTicket, which can be used to leak customer data.