Back to overview

CVE-2026-63081

MEDIUM
5.4
CVSS 3.1
Description
Perfect Support Ticketing & Document Management System through 1.7 contains a stored cross-site scripting vulnerability that allows authenticated attackers with Agent-level privileges to inject malicious payloads into the Notes field of assigned support tickets. Attackers can store malicious scripts that execute in the browser context of any user who views the affected ticket notes, including Superadmin users, enabling session hijacking or unauthorized actions on behalf of the victim.

Metadata

CVE ID
CVE-2026-63081
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-07-15 15:45 UTC
Published
2026-07-16 15:33 UTC
Last updated
2026-07-16 15:33 UTC
Primary CWE
CWE-79
Improper Neutralization of Input During Web Page Generation …
Vendor / Product
Ultimate Fosters / Perfect Support Ticketing & Document Management System
Sources
cve.org  ·  NVD

Severity & Metrics

5.4 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products (1)
VendorProductPlatformVersions
Ultimate Fosters Perfect Support Ticketing & Document Management System 0 ≤ 1.7
Weakness (CWE)
CWESourceDescription
CWE-79 cna Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS scores (2)
ScoreSeverityVersionSourceVector
5.4 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.1 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Back to overview