Shodan
Vulnerabilities
Vulnerable Software
Oretnom23:  >> Customer Support System  >> 1.0  Security Vulnerabilities
CVE-2023-49978
Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-03-21
CVE-2023-51281
Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-03-07
CVE-2023-49971
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-03-06
CVE-2023-49973
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-03-06
CVE-2023-49974
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-03-06
CVE-2023-49976
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-03-06
CVE-2023-49977
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-03-06
CVE-2023-49546
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-03-05
CVE-2023-49547
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login.
CVSS Score
9.8
EPSS Score
0.047
Published
2024-03-05
CVE-2023-49548
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-03-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved