Cross-Site Scripting (XSS) Vulnerability in Customer Support System v1
CVE-2023-49971

6.1MEDIUM

Key Information:

Vendor: Customer Support System
Status: Customer Support System
Vendor: CVE Published:; 6 March 2024

🔔 Create Customer Support System Vulnerability Alert

What is CVE-2023-49971?

A serious cross-site scripting (XSS) vulnerability has been identified in the Customer Support System, allowing unauthorized attackers to inject and execute arbitrary web scripts or HTML code. This vulnerability is exploited through the firstname parameter, specifically at the endpoint /customer_support/index.php?page=customer_list. Users accessing the affected system may be susceptible to phishing attacks or other malicious activities as attackers can deliver harmful scripts that compromise user data integrity and system security.

References

https://www.sourcecodester.com/php/14587/customer-support...

https://github.com/geraldoalcantara/CVE-2023-49971

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 6, 2024
Vulnerability Reserved
Dec 4, 2023

JSON