Skip to main content

Perfect Support Ticketing Document Management System

2 CVEs product

Monthly

CVE-2026-63082 MEDIUM POC This Month

Broken access control in Perfect Support Ticketing & Document Management System through version 1.7 permits authenticated Agent-level users to manipulate the Support Agent assignment field on tickets beyond their authorized scope, including adding or removing Superadmin accounts. The vulnerability stems from missing server-side authorization checks (CWE-862), allowing role-based access controls to be circumvented entirely by any Agent assigned to a ticket. A publicly available exploit exists per VulnCheck and a GitHub PoC disclosure; no CISA KEV listing is present at time of analysis.

Authentication Bypass Perfect Support Ticketing Document Management System
NVD GitHub
CVSS 4.0
5.3
CVE-2026-63081 MEDIUM POC This Month

Stored cross-site scripting in Perfect Support Ticketing & Document Management System through version 1.7 allows authenticated Agent-level users to inject persistent malicious scripts into ticket Notes fields. Any user who subsequently views the compromised ticket notes - including Superadmin users - executes the attacker's payload in their browser context, enabling session token theft and unauthorized actions performed on the victim's behalf. No public exploit identified at time of analysis for KEV listing, though a publicly available proof-of-concept exists per VulnCheck and the researcher's GitHub repository.

XSS Perfect Support Ticketing Document Management System
NVD GitHub
CVSS 4.0
5.1
CVSS 5.3
MEDIUM POC This Month

Broken access control in Perfect Support Ticketing & Document Management System through version 1.7 permits authenticated Agent-level users to manipulate the Support Agent assignment field on tickets beyond their authorized scope, including adding or removing Superadmin accounts. The vulnerability stems from missing server-side authorization checks (CWE-862), allowing role-based access controls to be circumvented entirely by any Agent assigned to a ticket. A publicly available exploit exists per VulnCheck and a GitHub PoC disclosure; no CISA KEV listing is present at time of analysis.

Authentication Bypass Perfect Support Ticketing Document Management System
NVD GitHub
CVSS 5.1
MEDIUM POC This Month

Stored cross-site scripting in Perfect Support Ticketing & Document Management System through version 1.7 allows authenticated Agent-level users to inject persistent malicious scripts into ticket Notes fields. Any user who subsequently views the compromised ticket notes - including Superadmin users - executes the attacker's payload in their browser context, enabling session token theft and unauthorized actions performed on the victim's behalf. No public exploit identified at time of analysis for KEV listing, though a publicly available proof-of-concept exists per VulnCheck and the researcher's GitHub repository.

XSS Perfect Support Ticketing Document Management System
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy