Primary

Context

LigeroSmart Cross-Site Scripting Vulnerability in AgentDashboard Function

Vulnerability

A reflected cross-site scripting (XSS) vulnerability has been identified in LigeroSmart versions through 6.1.26. The issue resides in the AgentDashboard function of the file /otrs/index.pl, where the Subaction parameter is not properly validated or encoded. This flaw allows for the injection of arbitrary JavaScript, which is executed in the context of the user's browser. The vulnerability can be exploited remotely, but requires user interaction.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed in the context of the victim's browser.

Reproduction

To reproduce this vulnerability, send a POST request to /otrs/index.pl with the Subaction parameter manipulated to include a script tag. This can be done by injecting JavaScript code, such as an alert, which will be executed once the response is received.

Added: Feb 16, 2026, 10:15 AM

Updated: Feb 16, 2026, 10:15 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.5

remediation

0.0

relevance

2.9

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.5

remediation

0.0

relevance

2.9

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LigeroSmart Cross-Site Scripting Vulnerability in AgentDashboard Function

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating