Vulnerability Details CVE-2021-24807
The Support Board WordPress plugin before 3.3.5 allows Authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field, when an administrator or any authenticated user go to the chat the XSS will be automatically executed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.031
EPSS Ranking 86.2%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://github.com/itsjeffersonli/CVE-2021-24807
- https://medium.com/%40lijohnjefferson/cve-2021-24807-6bc22af2a444
- https://wpscan.com/vulnerability/19d101aa-4b60-4db4-a33b-86c826b288b0
- https://github.com/itsjeffersonli/CVE-2021-24807
- https://medium.com/%40lijohnjefferson/cve-2021-24807-6bc22af2a444
- https://wpscan.com/vulnerability/19d101aa-4b60-4db4-a33b-86c826b288b0
Products affected by CVE-2021-24807
-
cpe:2.3:a:schiocco:support_board:-
-
cpe:2.3:a:schiocco:support_board:1.2.3
-
cpe:2.3:a:schiocco:support_board:1.2.8
-
cpe:2.3:a:schiocco:support_board:3.0.0
-
cpe:2.3:a:schiocco:support_board:3.0.1
-
cpe:2.3:a:schiocco:support_board:3.0.2
-
cpe:2.3:a:schiocco:support_board:3.0.3
-
cpe:2.3:a:schiocco:support_board:3.0.4
-
cpe:2.3:a:schiocco:support_board:3.0.5
-
cpe:2.3:a:schiocco:support_board:3.0.6
-
cpe:2.3:a:schiocco:support_board:3.0.7
-
cpe:2.3:a:schiocco:support_board:3.0.8
-
cpe:2.3:a:schiocco:support_board:3.0.9
-
cpe:2.3:a:schiocco:support_board:3.1.0
-
cpe:2.3:a:schiocco:support_board:3.1.1
-
cpe:2.3:a:schiocco:support_board:3.1.2
-
cpe:2.3:a:schiocco:support_board:3.1.3
-
cpe:2.3:a:schiocco:support_board:3.1.4
-
cpe:2.3:a:schiocco:support_board:3.1.5
-
cpe:2.3:a:schiocco:support_board:3.1.6
-
cpe:2.3:a:schiocco:support_board:3.1.7
-
cpe:2.3:a:schiocco:support_board:3.1.8
-
cpe:2.3:a:schiocco:support_board:3.1.9
-
cpe:2.3:a:schiocco:support_board:3.2.0
-
cpe:2.3:a:schiocco:support_board:3.2.1
-
cpe:2.3:a:schiocco:support_board:3.2.2
-
cpe:2.3:a:schiocco:support_board:3.2.3
-
cpe:2.3:a:schiocco:support_board:3.2.4
-
cpe:2.3:a:schiocco:support_board:3.2.5
-
cpe:2.3:a:schiocco:support_board:3.2.6
-
cpe:2.3:a:schiocco:support_board:3.2.7
-
cpe:2.3:a:schiocco:support_board:3.2.8
-
cpe:2.3:a:schiocco:support_board:3.2.9
-
cpe:2.3:a:schiocco:support_board:3.3.0
-
cpe:2.3:a:schiocco:support_board:3.3.1
-
cpe:2.3:a:schiocco:support_board:3.3.2
-
cpe:2.3:a:schiocco:support_board:3.3.3
-
cpe:2.3:a:schiocco:support_board:3.3.4