Skip to main content

CVE-2023-51281

Description

Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters.

NVD
Severity: N/A
CVE ID: CVE-2023-51281
CVSS Score: N/A
CVSS Metrics: NVD assessment not yet provided.

Refrence: NVD MITRE

Proof Of Concept

geraldoalcantara

Multiple cross-site scripting (XSS) vulnerabilities in /customer_support/ajax.php?action=save_customer in Customer Support System 1.0 allow authenticated attackers to execute to execute arbitrary web scripts or HTML via a crafted payload injected into the “firstname”, "lastname", "middlename", "contact" or “address” parameters.

Refrence: GitHub

Description
Proof Of Concept