Lucene search
K

276 matches found

Positive Technologies
Positive Technologies
added 2025/06/16 12:0 a.m.7 views

PT-2025-25534 · Unknown · Customer Support System

Name of the Vulnerable Software and Affected Versions: Customer Support System version 1.0 Description: The issue is related to a Reflected Cross-Site Scripting XSS in the /customer support/index.php endpoint, which allows remote attackers to execute arbitrary code via the page parameter. This...

4.8CVSS6.4AI score0.00317EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/06/16 12:0 a.m.6 views

PT-2025-25533 · Unknown · Customer Support System

Name of the Vulnerable Software and Affected Versions: Customer Support System version 1.0 Description: This issue allows an authenticated attacker to retrieve, create, update, and delete databases via the id parameter in the "/customer support/manage user.php" endpoint. Recommendations: For...

8.7CVSS6.3AI score0.00419EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/06/16 12:0 a.m.4 views

Customer Support System 跨站脚本漏洞

Customer Support System is a customer support system by oretnom23 Individual Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. A cross-site scripting vulnerability exists in Customer Support System v1.0, which ste...

6.1CVSS6.3AI score0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:30 a.m.8 views

CVE-2023-41685

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1...

9.8CVSS8.9AI score0.00547EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:8 a.m.7 views

CVE-2023-50071

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=savedepartment via id or name...

8.8CVSS8.2AI score0.13754EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:5 a.m.5 views

CVE-2023-49970

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customersupport/ajax.php?action=saveticket...

9.8CVSS8.3AI score0.00818EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 5:5 a.m.8 views

CVE-2023-49547

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customersupport/ajax.php?action=login...

9.8CVSS8.3AI score0.0115EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 5:5 a.m.8 views

CVE-2023-49974

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customersupport/index.php?page=customerlist...

6.1CVSS5.7AI score0.0045EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:30 a.m.5 views

CVE-2023-51281

Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters...

5.4CVSS6.7AI score0.00478EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:42 a.m.8 views

CVE-2023-41686

Cross-Site Request Forgery CSRF vulnerability in ilGhera Woocommerce Support System allows Cross Site Request Forgery.This issue affects Woocommerce Support System: from n/a through 1.2.2...

6.5CVSS8.5AI score0.0026EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:48 p.m.5 views

CVE-2020-23983

Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags...

5.4CVSS6.7AI score0.00602EPSS
Exploits1
Hacker One
Hacker One
added 2025/04/26 4:54 a.m.15 views

HackerOne: Internal Access to Hackerone confluence Docs

The vulnerability allowed external access to HackerOne's internal Confluence documentation through a support system misconfiguration. This configuration issue granted the ability to view and modify limited content within the Confluence instance...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2024/12/13 2:24 p.m.28 views

CVE-2023-41686 WordPress Woocommerce Support System plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ilGhera Woocommerce Support System allows Cross Site Request Forgery.This issue affects Woocommerce Support System: from n/a through 1.2.2...

6.5CVSS0.0026EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.5 views

PT-2024-12955 · Unknown · Woocommerce Support System

Name of the Vulnerable Software and Affected Versions: WooCommerce Support System versions 1.2.0 through 1.2.2 Description: A Cross-Site Request Forgery CSRF issue affects the WooCommerce Support System, allowing unauthorized actions. Users are advised to update to the latest version to mitigate...

6.5CVSS9.5AI score0.0026EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.2 views

WordPress plugin Woocommerce Support System 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.5CVSS8.4AI score0.0026EPSS
Exploits0References1
0day.today
0day.today
added 2024/07/02 12:0 a.m.168 views

Customer Support System 1.0 - Stored XSS Vulnerability

Exploit Title: Customer Support System 1.0 - XSS Cross-Site Scripting Vulnerability in the "subject" at "ticketlist" Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

5.4CVSS7AI score0.00466EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/07/01 12:0 a.m.174 views

Customer Support System 1.0 Cross Site Scripting

Exploit Title: Customer Support System 1.0 - XSS Cross-Site Scripting Vulnerability in the "subject" at "ticketlist" Date: 28/11/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

7.1AI score0.00466EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/07/01 12:0 a.m.224 views

Customer Support System 1.0 - Stored XSS

Exploit Title: Customer Support System 1.0 - XSS Cross-Site Scripting Vulnerability in the "subject" at "ticketlist" Date: 28/11/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

5.4CVSS6.7AI score0.00466EPSS
Exploits4
OSV
OSV
added 2024/03/21 2:49 a.m.5 views

CVE-2023-49979

A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...

7.5CVSS5.8AI score0.00745EPSS
Exploits1References2
NVD
NVD
added 2024/03/21 2:49 a.m.11 views

CVE-2023-49979

A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...

7.5CVSS6.4AI score0.00745EPSS
Exploits1References2
Rows per page
Query Builder