← Back

Support Board Chat And Help Desk

support_board_-_chat_and_help_desk

Vendor: Schiocco • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-24741
1Schiocco
1Support Board Chat And Help Desk
Nov 21, 2024
Sep 20, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL st...Show more
The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.Show less
CVE-2018-18373
1Schiocco
1Support Board Chat And Help Desk
Nov 21, 2024
Oct 17, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin...Show more
In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action.Show less