Customer Support System CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-70141	2 Oretnom23, Sourcecodester	2 Customer Support System, Customer Support System	2026-02-23	9.4 Critical
SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An unauthenticated remote attacker can perform sensitive operations such as creating customers and deleting users (including the admin account), as well as modifying or deleting other application records (tickets, departments, comments), resulting in unauthorized data modification.
CVE-2023-49974	2 Oretnom23, Sourcecodester	2 Customer Support System, Customer Support System	2025-03-28	6.1 Medium
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list.
CVE-2023-51281	2 Oretnom23, Sourcecodester	2 Customer Support System, Customer Support System	2025-03-28	5.4 Medium
Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters.
CVE-2023-49545	2 Oretnom23, Sourcecodester	2 Customer Support System, Customer Support System	2025-03-28	7.5 High
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.
CVE-2023-49971	2 Oretnom23, Sourcecodester	2 Customer Support System, Customer Support System	2025-01-15	4.7 Medium
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list.
CVE-2023-49979	1 Sourcecodester	1 Customer Support System	2024-11-21	7.5 High
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.

Page 1 of 1.