CVE-2026-1048
BaseFortify
Publication date: 2026-01-17
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ligerosmart | ligerosmart | up to and including 6.1.26 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1048 is a cross-site scripting (XSS) vulnerability in LigeroSmart versions up to 6.1.26. It occurs in the file /otrs/index.pl when the parameter Action=AgentTicketZoom is used with a manipulated TicketID argument. The application fails to properly sanitize this user input, allowing an attacker to inject and execute malicious JavaScript code in the victim's browser. This attack can be initiated remotely and requires user interaction to succeed. The vulnerability can lead to unauthorized script execution within the context of the victim's session. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a victim's browser. This can lead to theft of session cookies, defacement of web pages, or other malicious activities that compromise user data integrity and security. Because the attack executes in the victim's browser, it can be used to hijack user sessions or perform actions on behalf of the user without their consent. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP GET requests to the endpoint `/otrs/index.pl` with the parameter `Action=AgentTicketZoom` and checking the `TicketID` argument for suspicious payloads such as script tags or other JavaScript code. For example, tools like curl or wget can send crafted requests so that the response can be checked for the reflected script. A sample detection command could be: `curl -v "http://<target>/otrs/index.pl?Action=AgentTicketZoom;TicketID=1'"</ScRiPt><ScRiPt>alert(document.domain)</ScRiPt>"`. If the response contains the injected script, the system is vulnerable. Additionally, network intrusion detection systems (NIDS) can be configured to alert on URL patterns that carry script tags in the `TicketID` parameter. [2, 3]
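The log-side check described above, as an added example that is not part of this advisory: it scans web server access-log lines (combined log format is assumed) for `AgentTicketZoom` requests whose `TicketID` is not a plain integer, and labels those that also carry script-like markers. The log lines below are constructed; the numeric-type check is deliberately broader than a script-tag signature, so quote-breakout probes without any `<script>` are flagged too.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Jan/2026:10:01:02 +0000] "GET /otrs/index.pl?Action=AgentTicketZoom;TicketID=1042 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Jan/2026:10:01:07 +0000] "GET /otrs/index.pl?Action=AgentTicketZoom;TicketID=1%27%22%3E%3CScRiPt%3Ealert(document.domain)%3C/ScRiPt%3E HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Jan/2026:10:01:09 +0000] "GET /otrs/index.pl?Action=AgentTicketZoom&TicketID=1%27%22%3E HTTP/1.1" 200 5300 "-" "curl/8.4.0"
198.51.100.2 - - [17/Jan/2026:10:02:00 +0000] "GET /otrs/index.pl?Action=AgentDashboard HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Markers that indicate script injection once the value has been URL-decoded.
SCRIPT_MARKERS = re.compile(r'<\s*script|javascript:|\bon\w+\s*=', re.IGNORECASE)


def parse_query(target):
    """Split a request target into its path and a dict of decoded parameters.
    OTRS-derived applications accept ';' as well as '&' as a separator, so both are honoured.
    Values are decoded once; double-encoded input would need a second pass."""
    path, _, query = target.partition('?')
    params = {}
    for pair in re.split(r'[;&]', query):
        if pair:
            key, _, value = pair.partition('=')
            params[unquote_plus(key)] = unquote_plus(value)
    return path, params


def classify(line):
    """Return a finding dict for a suspicious AgentTicketZoom request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, params = parse_query(m['target'])
    if path != '/otrs/index.pl' or params.get('Action') != 'AgentTicketZoom':
        return None
    ticket_id = params.get('TicketID')
    # A legitimate TicketID is an integer; anything else is worth a look.
    if ticket_id is None or re.fullmatch(r'[0-9]+', ticket_id):
        return None
    reason = 'script-like content' if SCRIPT_MARKERS.search(ticket_id) else 'non-numeric TicketID'
    return {'ip': m['ip'], 'ts': m['ts'], 'ticket_id': ticket_id, 'reason': reason}


def scan(log_text):
    """Run classify() over every line and keep the findings."""
    return [hit for hit in (classify(l) for l in log_text.splitlines()) if hit]


if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['reason']}: {hit['ticket_id']!r}")
```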
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable LigeroSmart versions up to 6.1.26 until a patch is available, as no known countermeasures or fixes have been provided by the vendor. Consider restricting access to the affected endpoint `/otrs/index.pl` with the parameter `Action=AgentTicketZoom` via network controls or web application firewalls (WAF) to block malicious payloads. Educate users to be cautious of suspicious links that may exploit this vulnerability. Monitoring and logging access to this endpoint can help detect exploitation attempts. Ultimately, consider migrating to alternative products or updated versions once a fix is released. [1]