15 matches found
SupportCandy < 2.2.7 - Reflected Cross-Site Scripting
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the wpsc_create_ticket shortcode embed, leading to a Reflected Cross-Site Scripting issue id: CVE-2021-24878 info: name: SupportCandy 2.2.7 - Reflected Cross-Site...
CVE-2021-24878
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the wpsc_create_ticket shortcode embed, leading to a Reflected Cross-Site Scripting issue...
CVE-2022-24878
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...
CVE-2024-24878
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Naked Cat Plugins Portugal CTT Tracking for WooCommerce portugal-ctt-tracking-woocommerce. This issue affects Portugal CTT Tracking for WooCommerce: from n/a through <= 2.1...
CVE-2024-24878
creationtimestamp| type| source
---|---|---
2024-02-08 14:22:04+00:00| seen| https://t.me/ctinow/181393
2024-03-02 11:11:47+00:00| seen| https://t.me/ctinow/198320
2025-02-19 21:02:43+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3likodrvkhm2o...
CVE-2024-24878
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marco Almeida | Webdados Portugal CTT Tracking for WooCommerce portugal-ctt-tracking-woocommerce. This issue affects Portugal CTT Tracking for WooCommerce: from n/a through <= 2.1...
CVE-2024-24878
CVE-2024-24878 affects the Portugal CTT Tracking for WooCommerce plugin (PT Woo Plugins by Webdados). The issue is a reflected cross-site scripting (XSS) vulnerability in the plugin, exploitable via an attacker-supplied input that is reflected in web pages. Affected versions are up to 2.1; a fix ...
CVE-2024-24878 WordPress Portugal CTT Tracking for WooCommerce plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marco Almeida | Webdados Portugal CTT Tracking for WooCommerce portugal-ctt-tracking-woocommerce. This issue affects Portugal CTT Tracking for WooCommerce: from n/a through <= 2.1...
WordPress Portugal CTT Tracking for WooCommerce Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Field| Value
---|---
Software| Portugal CTT Tracking for WooCommerce
Type| Plugin
Vulnerable versions| <= 2.1
Fixed in| 2.2
OWASP Top 10| A3: Injection
Classification| Cross Site Scripting XSS
CVE| CVE-2024-24878
Patch priority| Low
CVSS severity| Low 7.1
Developer| PT Woo Plugins by Webdados
PSID| 06b64736759e

Credits...
CVE-2022-24878
creationtimestamp| type| source
---|---|---
2022-05-06 18:26:37+00:00| seen| https://t.me/cibsecurity/42086...
CVE-2022-24878
CVE-2022-24878 describes a path-traversal vulnerability in Flux’s kustomize-controller. A malicious kustomization.yaml can cause the kustomize-controller to enter a denial-of-service condition at the controller level. The issue arises from improper handling of paths in Kustomization processing. T...
CVE-2022-24878 Improper path handling in Kustomization files allows for denial of service
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...
CVE-2021-24878
creationtimestamp| type| source
---|---|---
2022-02-07 18:35:06+00:00| seen| https://t.me/cibsecurity/36951
2025-09-19 21:02:33+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lz7r6t3r6g2s...
CVE-2021-24878 SupportCandy < 2.2.7 - Reflected Cross-Site Scripting
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the wpsc_create_ticket shortcode embed, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24878
The CVE-2021-24878 entry concerns the WordPress plugin SupportCandy (before 2.2.7). The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by failing to sanitize/escape the query string when outputting it back in pages using the [wpsc_create_ticket] shortcode embed. Impact descri...