Support Board < 1.2.4 – Stored Cross-Site Scripting | CVE 2018-18373

Affects Plugins

supportboard

Fixed in 1.2.4

References

CVE

CVE-2018-18373

URL

https://packetstormsecurity.com/files/#149806/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.4 (medium)

Miscellaneous

Original Researcher

Ismail Tasdelen

Verified

No

WPVDB ID

52e07922-15e3-49ac-ade5-aea93497869e

Timeline

Publicly Published

2018-10-16 (about 7 years ago)

Added

2019-08-24 (about 6 years ago)

Last Updated

2022-02-15 (about 4 years ago)

Other

Published

Title

Published

2025-07-07

Title

Invico - WordPress Consulting Business Theme <= 1.9 - Reflected Cross-Site Scripting

Published

2026-05-12

Title

WPC Badge Management for WooCommerce < 3.1.7 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'text' Attribute

Published

2023-08-01

Title

Bus Ticket Booking with Seat Reservation < 5.2.4 - Reflected XSS

Published

2024-11-27

Title

StreamWeasels YouTube Integration < 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2022-02-03

Title

Yet Another Stars Rating < 3.0.0 - Reflected Cross-Site Scripting