{"vulnerability": "cve-2021-24878", "sightings": [{"uuid": "1ce7308e-0bac-4d22-a175-94715503bcf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24878", "type": "seen", "source": "https://t.me/cibsecurity/36951", "content": "\u203c CVE-2021-24878 \u203c\n\nThe SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the [wpsc_create_ticket] shortcode embed, leading to a Reflected Cross-Site Scripting issue\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-07T18:35:06.000000Z"}, {"uuid": "9ed96440-c545-4b75-9ead-58a8da3ef4ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24878", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lz7r6t3r6g2s", "content": "", "creation_timestamp": "2025-09-19T21:02:33.889316Z"}]}