276 matches found
PT-2025-25534 · Unknown · Customer Support System
Name of the Vulnerable Software and Affected Versions: Customer Support System version 1.0 Description: The issue is related to a Reflected Cross-Site Scripting XSS in the /customer support/index.php endpoint, which allows remote attackers to execute arbitrary code via the page parameter. This...
PT-2025-25533 · Unknown · Customer Support System
Name of the Vulnerable Software and Affected Versions: Customer Support System version 1.0 Description: This issue allows an authenticated attacker to retrieve, create, update, and delete databases via the id parameter in the "/customer support/manage user.php" endpoint. Recommendations: For...
Customer Support System 跨站脚本漏洞
Customer Support System is a customer support system by oretnom23 Individual Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. A cross-site scripting vulnerability exists in Customer Support System v1.0, which ste...
CVE-2023-41685
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1...
CVE-2023-50071
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=savedepartment via id or name...
CVE-2023-49970
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customersupport/ajax.php?action=saveticket...
CVE-2023-49547
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customersupport/ajax.php?action=login...
CVE-2023-49974
A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customersupport/index.php?page=customerlist...
CVE-2023-51281
Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters...
CVE-2023-41686
Cross-Site Request Forgery CSRF vulnerability in ilGhera Woocommerce Support System allows Cross Site Request Forgery.This issue affects Woocommerce Support System: from n/a through 1.2.2...
CVE-2020-23983
Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags...
HackerOne: Internal Access to Hackerone confluence Docs
The vulnerability allowed external access to HackerOne's internal Confluence documentation through a support system misconfiguration. This configuration issue granted the ability to view and modify limited content within the Confluence instance...
CVE-2023-41686 WordPress Woocommerce Support System plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in ilGhera Woocommerce Support System allows Cross Site Request Forgery.This issue affects Woocommerce Support System: from n/a through 1.2.2...
PT-2024-12955 · Unknown · Woocommerce Support System
Name of the Vulnerable Software and Affected Versions: WooCommerce Support System versions 1.2.0 through 1.2.2 Description: A Cross-Site Request Forgery CSRF issue affects the WooCommerce Support System, allowing unauthorized actions. Users are advised to update to the latest version to mitigate...
WordPress plugin Woocommerce Support System 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Customer Support System 1.0 - Stored XSS Vulnerability
Exploit Title: Customer Support System 1.0 - XSS Cross-Site Scripting Vulnerability in the "subject" at "ticketlist" Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
Customer Support System 1.0 Cross Site Scripting
Exploit Title: Customer Support System 1.0 - XSS Cross-Site Scripting Vulnerability in the "subject" at "ticketlist" Date: 28/11/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
Customer Support System 1.0 - Stored XSS
Exploit Title: Customer Support System 1.0 - XSS Cross-Site Scripting Vulnerability in the "subject" at "ticketlist" Date: 28/11/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
CVE-2023-49979
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...
CVE-2023-49979
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...