1.0Checkmarx - Chinesehttps://checkmarx.com/zhCheckmarx Security Research Teamhttps://checkmarx.com/zh/author/checkmarx-security-research-team/rich600338<blockquote class="wp-embedded-content"><a href="https://checkmarx.com/zh/blog/assistance-required-xss-vulnerability-discovered-in-helpdesk-software-solution-deskpro/">Assistance Required: XSS Vulnerability Discovered in Helpdesk Software Solution Deskpro</a></blockquote> <script type='text/javascript'> <!--//--><![CDATA[//><!-- /*! This file is auto-generated */ !function(c,d){"use strict";var e=!1,n=!1;if(d.querySelector)if(c.addEventListener)e=!0;if(c.wp=c.wp||{},!c.wp.receiveEmbedMessage)if(c.wp.receiveEmbedMessage=function(e){var t=e.data;if(t)if(t.secret||t.message||t.value)if(!/[^a-zA-Z0-9]/.test(t.secret)){for(var r,a,i,s=d.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),n=d.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),o=0;o<n.length;o++)n[o].style.display="none";for(o=0;o<s.length;o++)if(r=s[o],e.source===r.contentWindow){if(r.removeAttribute("style"),"height"===t.message){if(1e3<(i=parseInt(t.value,10)))i=1e3;else if(~~i<200)i=200;r.height=i}if("link"===t.message)if(a=d.createElement("a"),i=d.createElement("a"),a.href=r.getAttribute("src"),i.href=t.value,i.host===a.host)if(d.activeElement===r)c.top.location.href=t.value}}},e)c.addEventListener("message",c.wp.receiveEmbedMessage,!1),d.addEventListener("DOMContentLoaded",t,!1),c.addEventListener("load",t,!1);function t(){if(!n){n=!0;for(var e,t,r=-1!==navigator.appVersion.indexOf("MSIE 10"),a=!!navigator.userAgent.match(/Trident.*rv:11\./),i=d.querySelectorAll("iframe.wp-embedded-content"),s=0;s<i.length;s++){if(!(e=i[s]).getAttribute("data-secret"))t=Math.random().toString(36).substr(2,10),e.src+="#?secret="+t,e.setAttribute("data-secret",t);if(r||a)(t=e.cloneNode(!0)).removeAttribute("security"),e.parentNode.replaceChild(t,e)}}}}(window,document); //--><!]]> </script><iframe sandbox="allow-scripts" security="restricted" src="https://checkmarx.com/zh/blog/assistance-required-xss-vulnerability-discovered-in-helpdesk-software-solution-deskpro/embed/" width="600" height="338" title="“Assistance Required: XSS Vulnerability Discovered in Helpdesk Software Solution Deskpro” — Checkmarx - Chinese" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe>https://checkmarx.com/zh/wp-content/uploads/sites/18/2021/02/Website-1024x512-2.png600300Given the shift to remote work and need for software that enables virtual collaboration, the Checkmarx Security Research Team decided to audit the security of Deskpro in accordance with the company’s Responsible Disclosure / Bug Bounty Program, discovering a severe cross-site scripting (XSS) issue that can be exploited in multiple ways.