CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51281
https://notcve.org/view.php?id=CVE-2023-51281
07 Mar 2024 — Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters. La vulnerabilidad de Cross-Site Scripting en Customer Support System v.1.0 permite a un atacante remoto escalar privilegios a través de un script manipulado con parámetros de nombre, "apellido", "segundo nombre", "contacto" y dirección. • https://github.com/geraldoalcantara/CVE-2023-51281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49971
https://notcve.org/view.php?id=CVE-2023-49971
06 Mar 2024 — A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list. Una vulnerabilidad de cross-site scripting (XSS) en Customer Support System v1 permite a los atacantes ejecutar scripts web arbitrarios o HTML a través de un payload manipulado inyectado en el parámetro de nombre en /customer_support/index.php?page=customer_list. • https://github.com/geraldoalcantara/CVE-2023-49971 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49973
https://notcve.org/view.php?id=CVE-2023-49973
06 Mar 2024 — A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list. Una vulnerabilidad de cross-site scripting (XSS) en Customer Support System v1 permite a los atacantes ejecutar scripts web arbitrarios o HTML a través de un payload manipulado inyectado en el parámetro de correo electrónico en /customer_support/index.php?page=customer_list... • https://github.com/geraldoalcantara/CVE-2023-49973 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49546
https://notcve.org/view.php?id=CVE-2023-49546
04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php. Se descubrió que Customer Support System v1 contenía una vulnerabilidad de inyección SQL a través del parámetro de correo electrónico en /customer_support/ajax.php. • https://github.com/geraldoalcantara/CVE-2023-49546 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 1CVE-2023-49547
https://notcve.org/view.php?id=CVE-2023-49547
04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login. Se descubrió que Customer Support System v1 contenía una vulnerabilidad de inyección SQL a través del parámetro de nombre de usuario en /customer_support/ajax.php?action=login. • https://github.com/geraldoalcantara/CVE-2023-49547 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49548
https://notcve.org/view.php?id=CVE-2023-49548
04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user. Se descubrió que Customer Support System v1 contiene una vulnerabilidad de inyección SQL a través del parámetro apellido en /customer_support/ajax.php?action=save_user. • https://github.com/geraldoalcantara/CVE-2023-49548 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49968
https://notcve.org/view.php?id=CVE-2023-49968
04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/manage_department.php. Se descubrió que Customer Support System v1 contenía una vulnerabilidad de inyección SQL a través del parámetro id en /customer_support/manage_department.php. • https://github.com/geraldoalcantara/CVE-2023-49968 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49969
https://notcve.org/view.php?id=CVE-2023-49969
04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=edit_customer. Se descubrió que Customer Support System v1 contiene una vulnerabilidad de inyección SQL a través del parámetro id en /customer_support/index.php?page=edit_customer. • https://github.com/geraldoalcantara/CVE-2023-49969 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49970
https://notcve.org/view.php?id=CVE-2023-49970
04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/ajax.php?action=save_ticket. Se descubrió que Customer Support System v1 contenía una vulnerabilidad de inyección SQL a través del parámetro de asunto en /customer_support/ajax.php?action=save_ticket. • https://github.com/geraldoalcantara/CVE-2023-49970 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49544
https://notcve.org/view.php?id=CVE-2023-49544
01 Mar 2024 — A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized acces via manipulation of the page= parameter at /customer_support/index.php. • https://github.com/geraldoalcantara/CVE-2023-49544 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •