[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Customer Support System 1.0 - Stored XSS Vulnerability

Author
Geraldo Alcantara
Risk
[
Security Risk High
]
0day-ID
0day-ID-39667
Category
web applications
Date add
02-07-2024
CVE
CVE-2023-49976
Platform
php
# Exploit Title:  Customer Support System 1.0 - (XSS) Cross-Site
Scripting Vulnerability in the "subject" at "ticket_list"
# Exploit Author: Geraldo Alcantara
# Vendor Homepage:
https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html
# Software Link:
https://www.sourcecodester.com/download-code?nid=14587&title=Customer+Support+System+using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested on: Windows
# CVE : CVE-2023-49976
*Steps to reproduce:*
1- Log in to the application.
2- Visit the ticket creation/editing page.
3- Create/Edit a ticket and insert the malicious payload into the
"subject" field/parameter.
Payload: <dt/><b/><script>alert(document.domain)</script>

#  0day.today [2024-11-14]  #