CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49973
https://notcve.org/view.php?id=CVE-2023-49973
06 Mar 2024 — A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list. Una vulnerabilidad de cross-site scripting (XSS) en Customer Support System v1 permite a los atacantes ejecutar scripts web arbitrarios o HTML a través de un payload manipulado inyectado en el parámetro de correo electrónico en /customer_support/index.php?page=customer_list... • https://github.com/geraldoalcantara/CVE-2023-49973 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49546
https://notcve.org/view.php?id=CVE-2023-49546
04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php. Se descubrió que Customer Support System v1 contenía una vulnerabilidad de inyección SQL a través del parámetro de correo electrónico en /customer_support/ajax.php. • https://github.com/geraldoalcantara/CVE-2023-49546 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 1CVE-2023-49547
https://notcve.org/view.php?id=CVE-2023-49547
04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login. Se descubrió que Customer Support System v1 contenía una vulnerabilidad de inyección SQL a través del parámetro de nombre de usuario en /customer_support/ajax.php?action=login. • https://github.com/geraldoalcantara/CVE-2023-49547 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49548
https://notcve.org/view.php?id=CVE-2023-49548
04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user. Se descubrió que Customer Support System v1 contiene una vulnerabilidad de inyección SQL a través del parámetro apellido en /customer_support/ajax.php?action=save_user. • https://github.com/geraldoalcantara/CVE-2023-49548 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49968
https://notcve.org/view.php?id=CVE-2023-49968
04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/manage_department.php. Se descubrió que Customer Support System v1 contenía una vulnerabilidad de inyección SQL a través del parámetro id en /customer_support/manage_department.php. • https://github.com/geraldoalcantara/CVE-2023-49968 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49969
https://notcve.org/view.php?id=CVE-2023-49969
04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=edit_customer. Se descubrió que Customer Support System v1 contiene una vulnerabilidad de inyección SQL a través del parámetro id en /customer_support/index.php?page=edit_customer. • https://github.com/geraldoalcantara/CVE-2023-49969 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49970
https://notcve.org/view.php?id=CVE-2023-49970
04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/ajax.php?action=save_ticket. Se descubrió que Customer Support System v1 contenía una vulnerabilidad de inyección SQL a través del parámetro de asunto en /customer_support/ajax.php?action=save_ticket. • https://github.com/geraldoalcantara/CVE-2023-49970 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49544
https://notcve.org/view.php?id=CVE-2023-49544
01 Mar 2024 — A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized acces via manipulation of the page= parameter at /customer_support/index.php. • https://github.com/geraldoalcantara/CVE-2023-49544 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49545
https://notcve.org/view.php?id=CVE-2023-49545
01 Mar 2024 — A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. • https://github.com/geraldoalcantara/CVE-2023-49545 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1031 – CodeAstro Expense Management System Add Expenses Page 5-Add-Expenses.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-1031
30 Jan 2024 — A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross site scripting. The attack can be initiated remotely. • https://docs.qq.com/doc/DYmhqV3piekZ5dlZi • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •