CVE-2021-24807

medium

Description

The Support Board WordPress plugin before 3.3.5 allows authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field. When an administrator or any authenticated user goes to the chat, the XSS is executed automatically.

References

https://wpscan.com/vulnerability/19d101aa-4b60-4db4-a33b-86c826b288b0

https://medium.com/%40lijohnjefferson/cve-2021-24807-6bc22af2a444

https://github.com/itsjeffersonli/CVE-2021-24807

Details

Source: Mitre, NVD

Published: 2021-11-08

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium