Filtered by vendor Oretnom23
Subscriptions
Filtered by product Customer Support System
Subscriptions
Total
15 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49977 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer. | ||||
| CVE-2023-49976 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket. | ||||
| CVE-2023-49974 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list. | ||||
| CVE-2023-51281 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | 5.4 Medium |
| Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters. | ||||
| CVE-2023-49545 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | 7.5 High |
| A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. | ||||
| CVE-2023-49546 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | 8.8 High |
| Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php. | ||||
| CVE-2023-49547 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | 9.8 Critical |
| Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login. | ||||
| CVE-2023-49548 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | 8.8 High |
| Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user. | ||||
| CVE-2023-49968 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | 7.3 High |
| Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/manage_department.php. | ||||
| CVE-2023-49969 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | 4.3 Medium |
| Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=edit_customer. | ||||
| CVE-2023-49970 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | 9.8 Critical |
| Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/ajax.php?action=save_ticket. | ||||
| CVE-2023-49544 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | 4.9 Medium |
| A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized acces via manipulation of the page= parameter at /customer_support/index.php. | ||||
| CVE-2023-49971 | 1 Oretnom23 | 1 Customer Support System | 2025-01-15 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list. | ||||
| CVE-2023-49973 | 1 Oretnom23 | 1 Customer Support System | 2025-01-15 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list. | ||||
| CVE-2023-50070 | 1 Oretnom23 | 1 Customer Support System | 2024-11-21 | 8.8 High |
| Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. | ||||
Page 1 of 1.