CVE-2026-2547 is a cross-site scripting (XSS) vulnerability identified in LigeroSmart, specifically in the AgentDashboard function of the /otrs/index.pl file. The vulnerability arises from improper sanitization of the Subaction parameter, which an attacker can manipulate to inject malicious JavaScript code. This flaw allows remote attackers to execute arbitrary scripts in the context of the victim's browser when they interact with a crafted URL or input. The vulnerability affects all LigeroSmart versions from 6.1.0 through 6.1.26. The CVSS 4.0 base score is 5.1, indicating a medium severity level, with an attack vector of network (remote), low attack complexity, no privileges required, but user interaction needed. The impact primarily affects confidentiality and integrity, with no direct availability impact. The LigeroSmart project was informed early via an issue report but has not yet responded or released a patch. No known exploits have been observed in the wild, but public exploit code is available, increasing the risk of exploitation. The vulnerability is typical of reflected XSS, which can be leveraged for session hijacking, phishing, or defacement attacks. Since the vulnerability does not require authentication, any user accessing the vulnerable endpoint with a malicious payload could be affected. The lack of a patch necessitates immediate mitigation through input validation, output encoding, and user awareness.

The primary impact of CVE-2026-2547 is on confidentiality and integrity. Attackers can execute arbitrary scripts in users' browsers, potentially stealing session cookies, credentials, or performing unauthorized actions on behalf of the user. This can lead to account compromise, data leakage, or manipulation of displayed content. Although availability is not directly affected, successful exploitation can undermine user trust and disrupt normal operations. Since the vulnerability requires user interaction, social engineering or phishing campaigns could be used to lure victims. Organizations relying on LigeroSmart for IT service management or customer support may face reputational damage and operational risks if attackers exploit this flaw. The public availability of exploit code increases the likelihood of opportunistic attacks, especially against unpatched or poorly monitored environments. The lack of an official patch or response from the vendor prolongs exposure and complicates remediation efforts.

1. Implement strict input validation on the Subaction parameter to reject or sanitize unexpected or malicious input before processing. 2. Apply output encoding or escaping on all user-controllable data rendered in the AgentDashboard interface to prevent script execution. 3. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 4. Educate users to be cautious of suspicious links or inputs that could trigger XSS attacks. 5. Monitor web server logs and application behavior for unusual requests targeting the Subaction parameter. 6. If possible, restrict access to the AgentDashboard function to trusted users or internal networks until a patch is available. 7. Consider deploying web application firewalls (WAFs) with rules to detect and block XSS payloads targeting this vulnerability. 8. Engage with the LigeroSmart community or maintainers to track patch releases and apply updates promptly once available. 9. Conduct regular security assessments and penetration testing focusing on input handling and XSS vectors in LigeroSmart deployments.