ThreatPress

WordPress Vulnerabilities Database

WordPress SupportFlow Plugin <= 0.6 - Stored Cross-Site Scripting (XSS)

Product
SupportFlow
Description
This plugin is prone to a stored XSS vulnerability, because the subject is not escaped before being used in the value attribute of the subject input element in the admin-side ticket form.
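The missing attribute-context escaping described above, shown beside the corrected output, as an added example. It is not SupportFlow's code and not part of the original entry. The function names and the sample subject are constructed for illustration; esc_attr() is WordPress's attribute-escaping function, and a htmlspecialchars() fallback is assumed so the file also runs outside WordPress.

```php
<?php
// Added illustration, not SupportFlow's code. Function names are hypothetical.

// Constructed sample: a stored subject containing a double quote followed by
// a harmless marker attribute, enough to show the value attribute being closed early.
$stored_subject = 'Printer offline" data-injected="yes';

// Fallback so the file runs outside WordPress (assumption); inside WordPress
// esc_attr() already exists and this definition is skipped.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Flawed pattern: the stored value is concatenated into the attribute as-is.
function render_subject_unescaped($subject) {
    return '<input type="text" name="subject" value="' . $subject . '" />';
}

// Corrected pattern: escape for the HTML attribute context at output time.
function render_subject_escaped($subject) {
    return '<input type="text" name="subject" value="' . esc_attr($subject) . '" />';
}

// Parse the markup and list the attribute names found on the <input> element.
function attribute_names($html) {
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

foreach (['render_subject_unescaped', 'render_subject_escaped'] as $render) {
    $html = $render($stored_subject);
    echo $render, "\n  ", $html, "\n  attributes: ", implode(', ', attribute_names($html)), "\n";
}
```

An attribute on the parsed element that the template did not write means stored data has left the value attribute; the escaped rendering keeps the whole subject inside it.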
Solution
Update the plugin.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
Hackerone
CVE
Name: CVE-N/A
Versions
Affected In: <= 0.6
Fixed In: 0.7
Disclosure date
2016-06-28
Submitter
ThreatPress