QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24807

Published: Nov 8, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Support Board WordPress plugin before 3.3.5 allows Authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field, when an administrator or any authenticated user go to the chat the XSS will be automatically executed.

Vendor	Product	Versions
Unknown	Support Board	affected `3.3.5 - < 3.3.5`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/19d101aa-4b60-4db4-a33b-86c826b288b0

x_refsource_MISC

https://medium.com/%40lijohnjefferson/cve-2021-24807-6bc22af2a444

x_refsource_MISC

https://github.com/itsjeffersonli/CVE-2021-24807

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.