Lucene search
K

4 matches found

Patchstack
Patchstack
added 2024/01/31 12:0 a.m.12 views

WordPress Wp-Adv-Quiz Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Wp-Adv-Quiz Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5956 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bf0336ffbf73 Credits Bob Matyas Required privilege...

4.8CVSS5.8AI score0.00402EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2024/01/29 2:44 p.m.40 views

CVE-2023-5956 Wp-Adv-Quiz <= 1.0.2 - Admin+ Stored XSS in Quiz Overview

The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00402EPSS
Exploits2References1
CVE
CVE
added 2024/01/29 2:44 p.m.54 views

CVE-2023-5956

CVE-2023-5956 affects the WordPress plugin Wp-Adv-Quiz (versions up to 1.0.2; some sources indicate

4.8CVSS4.7AI score0.00402EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/29 2:44 p.m.6 views

CVE-2023-5956 Wp-Adv-Quiz <= 1.0.2 - Admin+ Stored XSS in Quiz Overview

The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.6AI score0.00402EPSS
Exploits2References1
Rows per page
Query Builder