Security issues in 25.05
We would like to extend our sincere thanks to @4rdr for responsibly disclosing security vulnerabilities in ITFlow version 25.05. Their contribution helped us patch the following issues in version 25.06:
- SQL Injection vulnerability in the ticket filtering category variable
- Cross Site Scripting (XSS) vulnerabilities in ticket subjects and contact names
- XSS vulnerability in the URL field for custom links
- XSS risk due to allowing XML file uploads
@4rdr - thank you for helping keep the ITFlow community safe.