4 matches found
SupportCandy < 2.2.7 - Reflected Cross-Site Scripting
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the wpsccreateticket shortcode embed, leading to a Reflected Cross-Site Scripting issue id: CVE-2021-24878 info: name: SupportCandy 2.2.7 - Reflected Cross-Site...
CVE-2021-24878
creationtimestamp| type| source ---|---|--- 2022-02-07 18:35:06+00:00| seen| https://t.me/cibsecurity/36951 2025-09-19 21:02:33+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lz7r6t3r6g2s...
CVE-2021-24878 SupportCandy < 2.2.7 - Reflected Cross-Site Scripting
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the wpsccreateticket shortcode embed, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24878
The CVE-2021-24878 entry concerns the WordPress plugin SupportCandy (before 2.2.7). The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by failing to sanitize/escape the query string when outputting it back in pages using the [wpsc_create_ticket] shortcode embed. Impact descri...