CyberSec.Space Logo
Back to CVE Browser

CVE-2019-17599

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.0400%
EPSS Percentile1.82th
PublishedDec 13, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.

Affected Platforms (CPE)

πŸ“¦
Expresstech

Quiz And Survey Master

< 6.3.5

References & Advisories

πŸ”— https://github.com/QuizandSurveyMaster/quiz_master_next/issues/795
πŸ”— https://github.com/QuizandSurveyMaster/quiz_master_next/pull/796
πŸ”— https://wordpress.org/plugins/quiz-master-next/#developers
πŸ”— https://wpvulndb.com/vulnerabilities/9977
πŸ”— https://github.com/QuizandSurveyMaster/quiz_master_next/issues/795
πŸ”— https://github.com/QuizandSurveyMaster/quiz_master_next/pull/796
πŸ”— https://wordpress.org/plugins/quiz-master-next/#developers
πŸ”— https://wpvulndb.com/vulnerabilities/9977

Related Vulnerabilities

CVE-2020-3594910.0

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated a...

CVE-2020-359519.9

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files...

CVE-2021-242218.8

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id G...

CVE-2021-368987.5

Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.