17 matches found
CVE-2016-10970
The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt...
CVE-2016-10969
The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title...
EUVD-2016-1960
Malware in sbrugna...
CVE-2016-10970
The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt...
CVE-2016-10969
The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title...
CVE-2016-10969
The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title...
CVE-2016-10970
The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt...
Design/Logic Flaw
The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt...
Design/Logic Flaw
The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title...
CVE-2016-10970
CVE-2016-10970 affects the WordPress plugin SupportFlow; it is a stored XSS vulnerability in the ticket excerpt. The issue is present in plugin versions before 0.7. No exploitation details are provided in the documents. Remediation, as implied, is to upgrade to 0.7 or later (the fix version is n...
CVE-2016-10970
The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt...
CVE-2016-10969
The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title...
CVE-2016-10969
CVE-2016-10969: The WordPress SupportFlow plugin is vulnerable to stored XSS via a discussion ticket title in versions before 0.7. The issue originates from the plugin’s handling of ticket titles, enabling script injection that could execute in a user’s browser. Affects the SupportFlow WordPress ...
SupportFlow <= 0.6 - Stored Cross-Site Scripting (XSS)
The SupportFlow WordPress plugin was affected by a Stored Cross-Site Scripting (XSS) security vulnerability...
WordPress SupportFlow Plugin <= 0.6 - Stored Cross-Site Scripting (XSS)
This plugin is prone to a stored XSS vulnerability, because the subject is not escaped before being used in the value attribute of the subject input element in the admin-side ticket form. Solution: Update the plugin...
Ian Dunn: Stored XSS from ticket messages in admin table in SupportFlow
SupportFlow contains a stored XSS vulnerability in how it generates the admin table of tickets at SupportFlow - All Tickets /wp-admin/edit.php?posttype=sfticket. Any ticket can be created with an XSS payload like this: alert'XSS'; When an admin goes to view the table of tickets, XSS is triggere...
Ian Dunn: Stored XSS in SupportFlow Ticket Subject
SupportFlow contains an XSS vulnerability in how it handles ticket subjects in the admin-side ticket form, because the subject is not escaped before being used in the value attribute of the subject input element. This first requires wptexturize to be disabled (not that uncommon: add_filter...