Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
LigeroSmart up to 6.1.26 allows remote attackers to inject malicious code
CVE-2026-2545
Summary
A vulnerability in LigeroSmart's ticket search function allows an attacker to inject malicious code. This could happen when a user interacts with the system in a specific way. Update to the latest version of LigeroSmart to protect your system from potential attacks.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ligerosmart | ligerosmart | <= 6.1.26 | – |
Original title
A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cro...
Original description
A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
4.0
nvd CVSS3.1
6.1
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
- https://github.com/LigeroSmart/ligerosmart/ Product
- https://github.com/LigeroSmart/ligerosmart/issues/282 Exploit Issue Tracking Third Party Advisory
- https://github.com/LigeroSmart/ligerosmart/issues/282#issue-3879165194 Exploit Issue Tracking Third Party Advisory
- https://vuldb.com/?ctiid.346154 Permissions Required VDB Entry
- https://vuldb.com/?id.346154 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.749758 Third Party Advisory VDB Entry
Published: 16 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026