Total: 15 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-49977 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer. | |||||
CVE-2023-49976 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket. | |||||
CVE-2023-49974 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list. | |||||
CVE-2023-51281 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | N/A | 5.4 MEDIUM |
Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script in the firstname, lastname, middlename, contact and address parameters. | |||||
CVE-2023-49545 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | N/A | 7.5 HIGH |
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. | |||||
CVE-2023-49546 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | N/A | 8.8 HIGH |
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php. | |||||
CVE-2023-49547 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | N/A | 9.8 CRITICAL |
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login. | |||||
CVE-2023-49548 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | N/A | 8.8 HIGH |
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user. | |||||
CVE-2023-49968 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | N/A | 7.3 HIGH |
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/manage_department.php. | |||||
CVE-2023-49969 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | N/A | 4.3 MEDIUM |
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=edit_customer. | |||||
CVE-2023-49970 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | N/A | 9.8 CRITICAL |
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/ajax.php?action=save_ticket. | |||||
CVE-2023-49544 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | N/A | 4.9 MEDIUM |
A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized access via manipulation of the page= parameter at /customer_support/index.php. | |||||
CVE-2023-49971 | 1 Oretnom23 | 1 Customer Support System | 2025-01-15 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list. | |||||
CVE-2023-49973 | 1 Oretnom23 | 1 Customer Support System | 2025-01-15 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list. | |||||
CVE-2023-50070 | 1 Oretnom23 | 1 Customer Support System | 2024-11-21 | N/A | 8.8 HIGH |
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. |