Lucene search
Shivam RaiWPEX-ID:ECF6A082-B563-42C4-9D8C-3757AA6B696FHistorySep 13, 2021 - 12:00 a.m.
Quiz And Survey Master < 7.3.2 - Admin+ Stored Cross-Site Scripting
2021-09-1300:00:00
Shivam Rai
335
cross-site scripting
quiz and survey master
admin+ stored
EPSS
0.001
Percentile
24.8%
The plugin does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Put the following payload in the Quiz Url Slug setting: "><script>alert(/XSS/)</script>
Create a quiz and publish it. The XSS will be triggered when editing the Quizz (ie wp-admin/admin.php?page=mlw_quiz_options&quiz_id=4), or accessing the Quizzes/Surveys page (/wp-admin/admin.php?page=mlw_quiz_list)Related
wpvulndb
wpvulndb
Quiz And Survey Master < 7.3.2 - Admin+ Stored Cross-Site Scripting
2021-09-13 00:00:00
cve
cve
CVE-2021-24691
2021-10-11 11:15:09
prion
prion
Cross site scripting
2021-10-11 11:15:00
patchstack
patchstack
nvd
nvd
CVE-2021-24691
2021-10-11 11:15:09
cnvd
cnvd
WordPress Quiz And Survey Master plugin cross-site scripting vulnerability
2021-10-13 00:00:00
cvelist
cvelist