CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-17599

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.0400%
EPSS Percentile1.82th
Published2019年12月13日
Last Modified2024年11月21日

Vulnerability Description

The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.

Affected Platforms (CPE)

📦
Expresstech

Quiz And Survey Master

< 6.3.5

References & Advisories

🔗 https://github.com/QuizandSurveyMaster/quiz_master_next/issues/795
🔗 https://github.com/QuizandSurveyMaster/quiz_master_next/pull/796
🔗 https://wordpress.org/plugins/quiz-master-next/#developers
🔗 https://wpvulndb.com/vulnerabilities/9977
🔗 https://github.com/QuizandSurveyMaster/quiz_master_next/issues/795
🔗 https://github.com/QuizandSurveyMaster/quiz_master_next/pull/796
🔗 https://wordpress.org/plugins/quiz-master-next/#developers
🔗 https://wpvulndb.com/vulnerabilities/9977

関連する脆弱性情報

CVE-2020-3594910.0

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated a...

CVE-2020-359519.9

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files...

CVE-2021-242218.8

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id G...

CVE-2021-368987.5

Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.