Description
The Quiz And Survey Master WordPress plugin is vulnerable to reflected XSS as it echoes the quiz_id parameter without proper encoding.
Successful exploitation allows an attacker to execute JavaScript in the context of the application in the name of an attacked user. This in turn enables an attacker to bypass CSRF protection and thus perform any actions the legitimate user can perform, as well as read data which the user can access.
http://192.168.0.103/wordpress/wp-admin/admin.php?page=mlw_quiz_results&quiz_id='"><img+src%3Dx+onerror%3Dalert(1)>
quiz-master-next/php/admin/admin-results-page.php:
<input type="hidden" name="quiz_id" value="<?php echo $_GET["quiz_id"]; ?>" />
WordPress Quiz And Survey Master plugin CVE-2019-9575最先出现在CVE 0day。