Improper Restriction of Rendered UI Layers or Frames in osticket/osticket
Mar 29th 2023
osTicket uses an incorrect method to validate the src attribute of the iframe tag. Although it appears to restrict iframe sources to whitelisted domains, attackers can easily bypass this restriction.
Proof of Concept
<iframe src="http://www.youtube.com.[attacker's server]">
This iframe renders www.youtube.com.[attacker's server], a hostname that belongs to the attacker's domain rather than to youtube.com.
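
The difference between a check that this URL passes and one that rejects it, as an added example (not osTicket's code and not from the original report). The allowlist contents, both function names and the prefix-style weak check are assumptions made for illustration, and attacker.example is a constructed stand-in for the placeholder above.

```php
<?php
// Added example, not osTicket code. The allowlist and function names are
// hypothetical; the weak check is an assumed prefix-style match, shown only
// because the PoC URL would pass a check of that shape.
const ALLOWED_IFRAME_HOSTS = ['www.youtube.com', 'player.vimeo.com'];

// Weak: only tests that the URL starts with an allowed host, so anything
// appended after the trusted name is still accepted.
function weak_iframe_src_ok(string $src): bool
{
    foreach (ALLOWED_IFRAME_HOSTS as $host) {
        if (preg_match('#^https?://' . preg_quote($host, '#') . '#i', $src)) {
            return true;
        }
    }
    return false;
}

// Hardened: parse the URL first, then require an exact match on the whole host.
function strict_iframe_src_ok(string $src): bool
{
    $parts = parse_url(trim($src));
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;                       // relative, scheme-less or malformed
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;                       // no javascript:, data:, etc.
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;                       // e.g. https://www.youtube.com@other.host/
    }
    $host = rtrim(strtolower($parts['host']), '.');   // normalise case, trailing dot
    return in_array($host, ALLOWED_IFRAME_HOSTS, true);
}

// Constructed sample inputs.
$samples = [
    'https://www.youtube.com/embed/abc123',
    'http://www.youtube.com.attacker.example/',
    'https://www.youtube.com@attacker.example/',
    'https://WWW.YOUTUBE.COM./embed/abc123',
];
foreach ($samples as $src) {
    printf("%-45s weak=%-5s strict=%s\n", $src,
        var_export(weak_iframe_src_ok($src), true),
        var_export(strict_iframe_src_ok($src), true));
}
```

The weak check accepts all four inputs, while the strict check accepts only the first and last, whose parsed host is exactly www.youtube.com.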