1 results (0.007 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

The Customer Service Software & Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. El plugin Customer Service Software & Support Ticket System de WordPress versiones anteriores a 5.10.4, no sanea ni escapa los campos de los formularios antes de mostrarlos en la lista, que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la capacidad unfiltered_html no está permitida • https://wpscan.com/vulnerability/41a2c72c-7db1-473a-8844-47f6ae9d0594 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •