Lucene search
Geraldo AlcantaraPACKETSTORM:179276HistoryJul 01, 2024 - 12:00 a.m.
Customer Support System 1.0 Cross Site Scripting
2024-07-0100:00:00
Geraldo Alcantara
packetstormsecurity.com
37
cross site scripting
customer support system
vulnerability
ticket list
php/mysqli
cve-2023-49976
geraldo alcantara
source code
AI Score
7.1
Confidence
Low
`# Exploit Title: Customer Support System 1.0 - (XSS) Cross-Site Scripting Vulnerability in the "subject" at "ticket_list"
# Date: 28/11/2023
# Exploit Author: Geraldo Alcantara
# Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14587&title=Customer+Support+System+using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested on: Windows
# CVE : CVE-2023-49976
*Steps to reproduce:*
1- Log in to the application.
2- Visit the ticket creation/editing page.
3- Create/Edit a ticket and insert the malicious payload into the
"subject" field/parameter.
Payload: <dt/><b/><script>alert(document.domain)</script>
`
Related
nvd
nvd
CVE-2023-49976
2024-03-06 01:15:07
exploitdb
exploitdb
Customer Support System 1.0 - Stored XSS
2024-07-01 00:00:00
cve
cve
CVE-2023-49976
2024-03-06 01:15:07
cnvd
cnvd
Customer Support System Cross-Site Scripting Vulnerability (CNVD-2024-14028)
2024-03-12 00:00:00
prion
prion
Cross site scripting
2024-03-06 01:15:00
cvelist
cvelist
CVE-2023-49976
2024-03-06 00:00:00
vulnrichment
vulnrichment
CVE-2023-49976
2024-03-06 00:00:00
zdt
zdt
Customer Support System 1.0 - Stored XSS Vulnerability
2024-07-02 00:00:00