PatchSiren

Ultimate Fosters CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Ultimate Fosters CVE published 2026-07-16

CVE-2026-63082

CVE-2026-63082 is a broken access control vulnerability in Perfect Support Ticketing & Document Management System version 1.7. Authenticated attackers with Agent-level privileges can manipulate Support Agent assignments, bypassing authorization checks. This allows adding or removing users, including Superadmin accounts, from ticket Support Agent fields. The vulnerability has a CVSS score of 5.3 and is con [truncated]

MEDIUM Ultimate Fosters CVE published 2026-07-16

CVE-2026-63081

CVE-2026-63081 describes a stored cross-site scripting vulnerability in Perfect Support Ticketing & Document Management System versions up to 1.7. The vulnerability allows authenticated attackers with Agent-level privileges to inject malicious payloads into the Notes field of assigned support tickets. These payloads can execute in the browser context of any user who views the affected ticket notes, includ [truncated]