CVE-2026-63082 is a broken access control vulnerability in Perfect Support Ticketing & Document Management System version 1.7. Authenticated attackers with Agent-level privileges can manipulate Support Agent assignments, bypassing authorization checks. This allows adding or removing users, including Superadmin accounts, from ticket Support Agent fields. The vulnerability has a CVSS score of 5.3 and is con [truncated]
CVE-2026-63081 describes a stored cross-site scripting vulnerability in Perfect Support Ticketing & Document Management System versions up to 1.7. The vulnerability allows authenticated attackers with Agent-level privileges to inject malicious payloads into the Notes field of assigned support tickets. These payloads can execute in the browser context of any user who views the affected ticket notes, includ [truncated]