SupportFlow <= 0.6 - Stored Cross-Site Scripting (XSS)

Sign up to our free email alerts service for instant vulnerability notifications!

Affects

Plugin supportflow
fixed in version 0.7

References

URL https://hackerone.com/reports/145086
URL https://hackerone.com/reports/145091
URL https://github.com/SupportFlow/supportflow/commit/c08d376072f093b650c49dcb44124f43ea0177b1
URL https://github.com/SupportFlow/supportflow/commit/c507cc863d161f87c28d0682714bf188ffac1a67

Classification

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Anonymous
Views 110
Verified No
WPVDB ID 8534

Timeline

Publicly Published 2016-06-28 (6 months ago)
Added 2016-06-29 (6 months ago)
Last Updated 2016-06-29 (6 months ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.