Shodan
Vulnerabilities
Vulnerable Software
Oretnom23:  >> Customer Support System  Security Vulnerabilities
CVE-2025-40728
SQL injection vulnerability in Customer Support System v1.0. This vulnerability allows an authenticated attacker to retrieve, create, update and delete databases via the id parameter in the /customer_support/manage_user.php endpoint.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-06-16
CVE-2025-40729
Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-06-16
CVE-2023-49978
Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-03-21
CVE-2023-51281
Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-03-07
CVE-2023-49971
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-03-06
CVE-2023-49973
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-03-06
CVE-2023-49974
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-03-06
CVE-2023-49976
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-03-06
CVE-2023-49977
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer.
CVSS Score
5.4
EPSS Score
0.003
Published
2024-03-06
CVE-2023-49546
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php.
CVSS Score
8.8
EPSS Score
0.005
Published
2024-03-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved