CVE-2025-40729 MEDIUM

CVE-2025-40729: Reflected Cross-Site Scripting (XSS) vulnerability in Customer Support System

Vendor Customer Support System

Product Customer Support System

Weakness CWE-79 · XSS

Published June 16, 2025

Last update June 16, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter.

Key dates

02Disclosure timeline

June 16, 2025 CVE published

June 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-40729 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2025-40729

CWE CWE-79

CVSS 4.8 / MEDIUM

Affected versions