CVE-2024-6390 Quiz and Survey Master (QSM) < 9.1.0 - Contributor+ Stored XSS

2024-08-0306:00:05

WPScan

www.cve.org

wordpress

plugin

sanitise

escape

quizz settings

high privilege users

stored cross-site scripting

EPSS

Percentile

9.4%

JSON

The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quizz settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Quiz and Survey Master (QSM)",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "9.1.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/00586687-33c7-4d84-b606-0478b1063d24/

EPSS

Percentile

9.4%

JSON

Related for CVELIST:CVE-2024-6390