Lucene search
+L

4 matches found

Nuclei
Nuclei
added 12 hours ago46 views

SupportCandy < 2.2.7 - Reflected Cross-Site Scripting

The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the wpsccreateticket shortcode embed, leading to a Reflected Cross-Site Scripting issue id: CVE-2021-24878 info: name: SupportCandy 2.2.7 - Reflected Cross-Site...

6.1CVSS6.1AI score0.01165EPSS
Exploits2References3
Circl
Circl
added 2022/02/07 6:35 p.m.22 views

CVE-2021-24878

creationtimestamp| type| source ---|---|--- 2022-02-07 18:35:06+00:00| seen| https://t.me/cibsecurity/36951 2025-09-19 21:02:33+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lz7r6t3r6g2s...

6.1CVSS6AI score0.01165EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/02/07 3:47 p.m.34 views

CVE-2021-24878 SupportCandy < 2.2.7 - Reflected Cross-Site Scripting

The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the wpsccreateticket shortcode embed, leading to a Reflected Cross-Site Scripting issue...

6.2AI score0.01165EPSS
Exploits2References1
CVE
CVE
added 2022/02/07 3:47 p.m.69 views

CVE-2021-24878

The CVE-2021-24878 entry concerns the WordPress plugin SupportCandy (before 2.2.7). The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by failing to sanitize/escape the query string when outputting it back in pages using the [wpsc_create_ticket] shortcode embed. Impact descri...

6.1CVSS6AI score0.01165EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder