CVE-2026-1049
BaseFortify
Publication date: 2026-01-17
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ligerosmart | ligerosmart | up to 6.1.26 (inclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Scripting (XSS) flaw in LigeroSmart versions up to 6.1.26, specifically in the handling of the 'TicketID' parameter in the /otrs/index.pl file. The application does not properly sanitize user input in this parameter, allowing an attacker to inject and execute arbitrary JavaScript code in the context of a victim's browser. This can be exploited remotely by sending a crafted POST request with malicious script code embedded in the 'TicketID' parameter. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can lead to the execution of arbitrary scripts in the victim's browser, potentially enabling session hijacking, defacement of the web application, or other malicious actions that compromise data integrity and user trust. Since the attack can be launched remotely and requires some user interaction, it poses a risk of unauthorized actions being performed on behalf of the user. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted multipart/form-data POST request to the endpoint `/otrs/index.pl` with the `TicketID` parameter containing a test XSS payload such as `1</script><script>alert(document.domain)</script>`. Monitoring web application logs for such suspicious POST requests or unexpected script execution in the browser can also help detect exploitation attempts. A sample curl command to test the vulnerability is:

```bash
curl -X POST https://<target>/otrs/index.pl \
  -H 'Content-Type: multipart/form-data' \
  -F 'Action=AgentTicketBulk' \
  -F 'ChallengeToken=<token>' \
  -F 'LastColumnFilter=aYlNlfdX' \
  -F 'TicketID=1</script><script>alert(document.domain)</script>'
```

Replace `<target>` and `<token>` with appropriate values. Successful execution of the alert script in the browser indicates the presence of the vulnerability. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
No official fix or patch has been provided by the LigeroSmart project yet. Immediate mitigation steps include avoiding use of affected LigeroSmart versions (up to 6.1.26), restricting access to the vulnerable endpoint `/otrs/index.pl` via network controls or web application firewalls, and monitoring for suspicious activity. Consider using alternative products or applying custom input sanitization or filtering on the `TicketID` parameter if possible. Administrators should also educate users to avoid interacting with suspicious links that might exploit this XSS vulnerability. [1]
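The detection and mitigation answers above both come down to one check: a ticket identifier should be an integer, so any other character in `TicketID` on a multipart POST to `/otrs/index.pl` is worth rejecting or alerting on. The following is an added example written for this page, not code from BaseFortify or the LigeroSmart project; it assumes TicketID is always numeric in LigeroSmart/OTRS, and the request bodies it inspects are constructed samples.

```python
import re
from typing import Dict, List

# Assumption: LigeroSmart/OTRS ticket identifiers are plain integers, so any
# other character in TicketID is a strong tampering signal (CWE-79 / CWE-94).
TICKET_ID_RE = re.compile(r"^\d+$")
VULNERABLE_PATH = "/otrs/index.pl"


def boundary_from_content_type(content_type: str) -> str:
    """Extract the multipart boundary from a Content-Type header value."""
    match = re.search(r"boundary=([^;]+)", content_type)
    return match.group(1).strip('"') if match else ""


def parse_multipart(body: str, boundary: str) -> Dict[str, str]:
    """Minimal multipart/form-data parser for text fields: name -> value."""
    fields: Dict[str, str] = {}
    for part in body.split("--" + boundary):
        part = part.strip("\r\n")
        if not part or part == "--":          # preamble or closing delimiter
            continue
        headers, _, value = part.partition("\r\n\r\n")
        match = re.search(r'name="([^"]+)"', headers)
        if match:
            fields[match.group(1)] = value
    return fields


def check_request(path: str, content_type: str, body: str) -> List[str]:
    """Return findings for one request; an empty list means it looks clean."""
    if path != VULNERABLE_PATH or "multipart/form-data" not in content_type:
        return []
    fields = parse_multipart(body, boundary_from_content_type(content_type))
    ticket_id = fields.get("TicketID")
    if ticket_id is not None and not TICKET_ID_RE.match(ticket_id):
        return [f"non-numeric TicketID rejected: {ticket_id!r}"]
    return []


# Constructed sample requests (not captured traffic) for a quick self-check.
BOUNDARY = "----ConstructedBoundary"
CT = f"multipart/form-data; boundary={BOUNDARY}"


def build_form(**fields: str) -> str:
    parts = [f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
             for k, v in fields.items()]
    return "".join(parts) + f"--{BOUNDARY}--\r\n"


BENIGN_BODY = build_form(Action="AgentTicketBulk", TicketID="12345")
SUSPECT_BODY = build_form(Action="AgentTicketBulk", TicketID="1<script>x</script>")
```

Run at a reverse proxy or WAF hook, `check_request` can block the request outright or feed the finding into the log monitoring the detection answer recommends.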