Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters.
https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html