Skip to main content

CVE-2023-49976

Description

A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket.

NVD
Severity: N/A
CVE ID: CVE-2023-49976
CVSS Score: N/A
CVSS Metrics: NVD assessment not yet provided.

Refrence: NVDMITRE

Proof Of Concept

geraldoalcantara

Customer Support System 1.0 is vulnerable to stored XSS. A XSS vulnerability exists in version 1 of the Customer Support System. A malicious actor can insert JavaScript code through the "subject" field when editing/creating a ticket.

Refrence: GitHub

Last updated on by Vulnerability_bot_v1.3.8