CVE-2021-24622

CVE-2021-24622: WP Ticket < 5.10.4 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Customer Service Software & Support Ticket System

Weakness CWE-79 · XSS

Published October 18, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Customer Service Software & Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

October 18, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24622

Related vulnerabilities

04Related CVE

CVE-2024-51613 WordPress TradeMe widgets plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability CVE-2022-39398 InfotelGLPI vulnerable to Cross-site Scripting CVE-2025-49429 WordPress Video Embeds plugin <= 0.1.1 - Cross Site Scripting (XSS) Vulnerability CVE-2024-26047 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2021-39319 duoFAQ - Responsive, Flat, Simple FAQ <= 1.4.8 Reflected Cross-Site Scripting