CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Mar 2024 — Cross-site scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script in the firstname, lastname, middlename, contact and address parameters. • https://github.com/geraldoalcantara/CVE-2023-51281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.7 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Mar 2024 — A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list. • https://github.com/geraldoalcantara/CVE-2023-49971 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Mar 2024 — A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list. • https://github.com/geraldoalcantara/CVE-2023-49974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Mar 2024 — A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer. • https://github.com/geraldoalcantara/CVE-2023-49977 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Mar 2024 — Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators. • https://github.com/geraldoalcantara/CVE-2023-49978 • CWE-284: Improper Access Control

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Mar 2024 — A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. • https://github.com/geraldoalcantara/CVE-2023-49979 • CWE-548: Exposure of Information Through Directory Listing

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php. • https://github.com/geraldoalcantara/CVE-2023-49546 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login. • https://github.com/geraldoalcantara/CVE-2023-49547 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user. • https://github.com/geraldoalcantara/CVE-2023-49548 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/manage_department.php. • https://github.com/geraldoalcantara/CVE-2023-49968 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')