CVE-2021-24807

MEDIUM

Support Board < 3.3.5 - Authenticated Stored Cross-Site Scripting via Notes Field


Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-24807. PoCs published by dldygnl.

AI-analyzed exploit summary: This repository provides a detailed technical writeup on CVE-2021-24807, an authenticated stored XSS vulnerability in Support Board 3.3.4. It includes step-by-step exploitation instructions, Burp Suite intercepts, and payload examples.

Description

The Support Board WordPress plugin before 3.3.5 allows authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field. When an administrator or any other authenticated user opens the chat, the XSS payload executes automatically.

Exploits (2)

nomisec WRITEUP 1 star
by dldygnl · poc
https://github.com/dldygnl/CVE-2021-24807

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Support Board 3.3.4
Auth required
Prerequisites: Agent or Admin level access to the Support Board application
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
inthewild WRITEUP
poc
https://github.com/itsjeffersonli/cve-2021-24807

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Support Board 3.3.4
Auth required
Prerequisites: Agent or Admin level access · Burp Suite for interception
devstral-2 · analyzed Feb 23, 2026

References (3)

Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/19d101aa-4b60-4db4-a33b-86c826b288b0
Exploit, Third Party Advisory x_refsource_misc
https://github.com/itsjeffersonli/CVE-2021-24807

Scores

CVSS v3 5.4
EPSS 0.0704
EPSS Percentile 91.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
schiocco/support_board < 3.3.5
Published Nov 08, 2021
Tracked Since Feb 18, 2026