[原文]new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter ("Ticket Description" field) that points to a URL that captures referer URLs, possibly due to a cross-site scripting (XSS) vulnerability or a leak of credentials in referer URLs.
Hostflow Help Desk new_ticket.cgi Authentication Replay
Remote / Network Access
Loss of Integrity
Hostflow Help Desk contains a flaw that may allow a malicious user to gain unauthorized access. The issue is triggered when an attacker gains access to the URL used by an authenticated user, which contains all necessary authentication information. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.
Upgrade to version 2.5.2-0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.