CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24622 – WP Ticket < 5.10.4 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24622
The Customer Service Software & Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. El plugin Customer Service Software & Support Ticket System de WordPress versiones anteriores a 5.10.4, no sanea ni escapa los campos de los formularios antes de mostrarlos en la lista, que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la capacidad unfiltered_html no está permitida • https://wpscan.com/vulnerability/41a2c72c-7db1-473a-8844-47f6ae9d0594 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •