Vulnerability Details CVE-2021-24622
The Customer Service Software & Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.2%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
Products affected by CVE-2021-24622
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:-
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:1.0.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:1.1.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:1.2.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:1.3.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:1.4.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:2.0.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:2.0.1
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:3.0.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:3.0.1
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:3.1.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:3.2.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:3.2.1
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:3.2.2
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:3.2.3
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:4.0.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:4.1.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:4.2.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:4.8.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.0.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.0.1
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.1.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.10.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.10.3
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.2.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.3.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.3.1
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.3.2
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.4.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.4.2
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.4.3
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.4.4
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.5.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.5.1
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.6.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.7.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.8.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.9.0
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.9.1
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.9.3
-
cpe:2.3:a:emarketdesign:customer_service_software_&_support_ticket_system:5.9.8