CVE-2021–3945 Django-helpdesk stored XSS

Django-helpdesk is an open-source ticket system (plug-in) written based on Django, which can be directly integrated into your own Django project.

Affected version:

<= 0.3.0

Vulnerability code:

row.title is user input and can be directly written into XSS payload

After clicking submit, the XSS code is stored in the database. When the admin views the ticket, the XSS will be triggered

PoC:

Ref:

https://github.com/django-helpdesk/

#InfoSec | #RedTeam | #OSINT | #CyberSec | #Pentest