What is CVE-2021-24276?

CVE-2021-24276 is a vulnerability in Supsystic Contact Form By, classified under Cross-site Scripting. Published 2021-05-05.

Is CVE-2021-24276 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Supsystic Contact Form By

CVE-2021-24276

The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.084 (92.5th percentile) — read the EPSS interpretation.

Affected products

Supsystic Contact Form By — versions 1.7.15

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

References

wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c (x_refsource_CONFIRM)
packetstormsecurity.com/files/164308/WordPress-Contact-Form-1.7.14-Cross-Site-S… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24276?: CVE-2021-24276 is a vulnerability in Supsystic Contact Form By, classified under Cross-site Scripting. Published 2021-05-05.
Is CVE-2021-24276 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.