3 matches found
CVE-2023-0428 Watu Quiz < 3.3.8.2 - Reflected XSS
The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-0428
CVE-2023-0428 affects the WordPress plugin Watu Quiz prior to version 3.3.8.2. The issue is a reflected Cross-Site Scripting (XSS) caused by a parameter not being properly sanitised/escaped before being output on the page, enabling an attacker to exploit it against high-privilege users (e.g., adm...
WordPress Watu Quiz Plugin < 3.3.8.2 is vulnerable to Cross Site Scripting (XSS)
Software Watu Quiz Type Plugin Vulnerable versions 3.3.8.2 Fixed in 3.3.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0428 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 65a196ce52fa Credits Felipe Restrepo Rodriguez...