Skip to main content

Perfect Support Ticketing CVE-2026-63081

| EUVDEUVD-2026-44945 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-16 VulnCheck
5.1
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.4 MEDIUM

Network-delivered stored XSS requiring Agent auth (PR:L), victim page-view (UI:R), and scope change to victim session with limited C/I impact.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 16, 2026 - 16:16 vuln.today
CVE Published
Jul 16, 2026 - 15:33 cve.org
MEDIUM 5.1

DescriptionCVE.org

Perfect Support Ticketing & Document Management System through 1.7 contains a stored cross-site scripting vulnerability that allows authenticated attackers with Agent-level privileges to inject malicious payloads into the Notes field of assigned support tickets. Attackers can store malicious scripts that execute in the browser context of any user who views the affected ticket notes, including Superadmin users, enabling session hijacking or unauthorized actions on behalf of the victim.

AnalysisAI

Stored cross-site scripting in Perfect Support Ticketing & Document Management System through version 1.7 allows authenticated Agent-level users to inject persistent malicious scripts into ticket Notes fields. Any user who subsequently views the compromised ticket notes - including Superadmin users - executes the attacker's payload in their browser context, enabling session token theft and unauthorized actions performed on the victim's behalf. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Obtain or compromise Agent credentials
Delivery
Authenticate to ticketing system
Exploit
Inject JS payload into ticket Notes field
Install
Superadmin views compromised ticket
C2
Browser executes payload
Execute
Exfiltrate session token to attacker server
Impact
Hijack Superadmin session

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to hold an authenticated Agent-level account on the target Perfect Support Ticketing & Document Management System instance - this is the primary limiting condition. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 4.0 vector (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N) scores 5.1, reflecting a network-reachable, low-complexity attack requiring Agent-level credentials and passive victim interaction (viewing the ticket). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with Agent-level credentials logs into the ticketing system, opens or creates a support ticket assigned to them, and injects a JavaScript payload - such as a cookie-stealing script pointing to an attacker-controlled server - into the Notes field. When a Superadmin reviews the ticket to monitor support activity, the payload executes silently in their browser, exfiltrating the Superadmin's session token and allowing the attacker to fully impersonate the administrator. …
Remediation No vendor-released patch has been identified at time of analysis - neither the VulnCheck advisory nor the researcher's disclosure references an official fix version or vendor response. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-63081 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy