CVE-2025-40729 Information

Description

Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0 which allows remote attackers to execute arbitrary code via the page parameter.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-customer-support-system

Related CNNVD

CNNVD-202506-1865 (Published: 2025-06-16)