Vulnerabilities > Oretnom23 > Customer Support System
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-21 | CVE-2023-49978 | Unspecified vulnerability in Oretnom23 Customer Support System 1.0 Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators. | 8.8 |
| 2024-03-06 | CVE-2023-49971 | Cross-site Scripting vulnerability in Oretnom23 Customer Support System 1.0 A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list. | 6.1 |
| 2024-03-06 | CVE-2023-49973 | Cross-site Scripting vulnerability in Oretnom23 Customer Support System 1.0 A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list. | 6.1 |
| 2023-12-29 | CVE-2023-50070 | SQL Injection vulnerability in Oretnom23 Customer Support System 1.0 Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. | 8.8 |