Lucene search

CVE-2022-4211

🗓️ 02 Dec 2022 20:55:27Reported by WordfenceType

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link

Reporter	Title	Published	Views	Family All 5
Vulnrichment	CVE-2022-4211	2 Dec 202220:27	–	vulnrichment
Prion	Cross site scripting	2 Dec 202221:15	–	prion
CVE	CVE-2022-4211	2 Dec 202221:15	–	cve
NVD	CVE-2022-4211	2 Dec 202221:15	–	nvd
WPVulnDB	Chained Quiz < 1.3.2.1 - Multiple Reflected Cross-Site Scripting	2 Dec 202200:00	–	wpvulndb

[
  {
    "vendor": "prasunsen",
    "product": "Chained Quiz",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.3.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset
gist	www.gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e
wordfence	www.wordfence.com/vulnerability-advisories-continued/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

02 Dec 2022 20:27Current

6.2Medium risk

Vulners AI Score6.2

CVSS36.1

EPSS0.00129