Support Board < 3.3.5 - Agent+ Stored Cross-Site Scripting
CVE-2021-24807

5.4MEDIUM

Key Information:

Vendor

Wordpress
Status
Support Board
Vendor
CVE Published:
8 November 2021

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2021-24807?

The Support Board WordPress plugin before 3.3.5 allows Authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field, when an administrator or any authenticated user go to the chat the XSS will be automatically executed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Support Board 3.3.5

References

https://wpscan.com/vulnerability/19d101aa-4b60-4db4-a33b-...
x_refsource_MISC
https://medium.com/%40lijohnjefferson/cve-2021-24807-6bc2...
x_refsource_MISC
https://github.com/itsjeffersonli/CVE-2021-24807
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability Reserved

Credit

John Jefferson Li
JSON
.