CVE-2023-49977

Published
View on NVD ↗
CVSS v3
5.4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer.

geraldoalcantara/CVE-2023-49977
geraldoalcantara/CVE-2023-49977
Customer Support System 1.0 - Cross-Site Scripting (XSS) Vulnerability in "Address" field/parameter on "customer_list" Page
GitHubGitHub