geraldoalcantara/CVE-2023-51281

Releases0

Multiple cross-site scripting (XSS) vulnerabilities in /customer_support/ajax.php?action=save_customer in Customer Support System 1.0 allow authenticated attackers to execute to execute arbitrary web scripts or HTML via a crafted payload injected into the “firstname”, "lastname", "middlename", "contact" or “address” parameters.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-51281 ↗	Mar 7, 2024Thursday, 7 March 2024, 01:15	5.4 MEDIUM	—
Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters.