PT-2024-30195 · Unknown · Limesurvey
Name of the Vulnerable Software and Affected Versions: Lime Survey version 6.5.12 Description: A CSV injection vulnerability in Lime Survey allows attackers to execute arbitrary code via uploading a crafted CSV file. This issue enables attackers to upload specially crafted CSV files, which can le...
CVE-2024-42901
A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file...
CVE-2024-42901
Summary: CVE-2024-42901 affects LimeSurvey v6.5.12, where a crafted CSV file upload can trigger a CSV injection that may lead to arbitrary code execution. Details from sources: The vulnerability is described as a CSV injection vulnerability in LimeSurvey v6.5.12 that allows attackers to execute a...
CVE-2024-6879
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allow contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks...
CVE-2024-6879 Quiz and Survey Master (QSM) < 9.1.1 - Contributor+ Stored XSS
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allow contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks...
CVE-2024-6879
The CVE-2024-6879 entry concerns the Quiz and Survey Master (QSM) WordPress plugin, affected when versions prior to 9.1.1 fail to validate and escape certain quiz fields displayed on embedded pages, enabling Stored XSS by Contributor+ users. Public documentation across Red Hat, Patchstack, OSV, a...
WordPress Quiz And Survey Master Plugin < 9.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Quiz And Survey Master | Type: Plugin | Vulnerable versions: 9.1.1 | Fixed in: 9.1.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-6879 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 69638eed0571 | Credits: Bereket Miheret...
LimeSurvey security vulnerability
LimeSurvey PHPSurveyor is an open source online questionnaire program from the LimeSurvey team, which supports survey program development, questionnaire publishing, and data collection. A security vulnerability exists in LimeSurvey version 6.3.0-231016, which stems from a denial of service due to...
WordPress Quiz and Survey Master (QSM) plugin < 9.1.0 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Quiz And Survey Master versions 9.1.0...
WordPress Quiz And Survey Master Plugin < 9.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Quiz And Survey Master | Type: Plugin | Vulnerable versions: 9.1.0 | Fixed in: 9.1.0 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-6390 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 40c6a58c6f1b | Credits: Dmitrii Ignatyev...
CVE-2024-6390
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quiz settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2024-6390
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quiz settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
PT-2024-37587 · WordPress · The Quiz/Survey Master
Name of the Vulnerable Software and Affected Versions: The Quiz and Survey Master (QSM) WordPress plugin versions prior to 9.1.0 Description: The issue concerns the improper sanitization and escaping of some Quiz settings in the plugin, which could allow high-privilege users, such as contributors,...
Education in Secure Software Development
The Linux Foundation and OpenSSF released a report on the state of education in secure software development. …many developers lack the essential knowledge and skills to effectively implement secure software development. Survey findings outlined in the report show nearly one-third of all...
CVE-2024-6703
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'description' and 'btntxt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output...
CVE-2024-6703
CVE-2024-6703 affects the WordPress plugin “Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder.” The vulnerability is a Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping in the description and btn_txt parameters, exploi...
CVE-2024-6703 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'description' and 'btntxt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output...
CVE-2024-6520
CVE-2024-6520 concerns the WordPress Fluent Forms Contact Form Plugin (Quiz, Survey, Drag & Drop) with a Stored Cross-Site Scripting flaw in versions up to 5.1.19, caused by insufficient input sanitization and output escaping. Exploitation requires Administrator-level privileges (and above) and c...
CVE-2024-6521
CVE-2024-6521 affects the WordPress plugin Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder. All versions up to 5.1.19 are vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. Exploitation requires Administrator...
NETGEAR WN604 security vulnerability
The NETGEAR WN604 is a small wireless router from NETGEAR. An information disclosure vulnerability exists in the NETGEAR WN604. An attacker can use this vulnerability to access the siteSurvey.php page to obtain sensitive information such as the SSID, security type, encryption method, and channel ...