LigeroSmart Index Page XSS Vulnerability - Remote Attack Possible

Summary

A weakness in LigeroSmart's index page makes it possible for hackers to inject malicious code into the page, potentially allowing them to steal sensitive information or take control of your system. This vulnerability can be exploited remotely, and an exploit is already available. Update to the latest version (6.1.27 or higher) to fix the issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
ligerosmart	ligerosmart	<= 6.1.26	–

Original title

A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument SortBy leads to cro...

Original description

A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument SortBy leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

nvd CVSS2.0 4.0

nvd CVSS3.1 6.1

nvd CVSS4.0 5.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

CWE-94 Code Injection

https://github.com/LigeroSmart/ligerosmart/ Product
https://github.com/LigeroSmart/ligerosmart/issues/283 Exploit Issue Tracking Third Party Advisory
https://github.com/LigeroSmart/ligerosmart/issues/283#issue-3879199951 Exploit Issue Tracking Third Party Advisory
https://vuldb.com/?ctiid.346155 Permissions Required VDB Entry
https://vuldb.com/?id.346155 Third Party Advisory VDB Entry
https://vuldb.com/?submit.749784 Exploit Third Party Advisory VDB Entry