3939 matches found
CVE-2024-6933
A flaw has been found in LimeSurvey 6.5.14-240624. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveylocalesettingsgeneralsettings of the component Survey General Settings Handler. This manipulation of...
WordPress Quiz and Survey Master plugin < 9.0.5 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Quiz And Survey Master versions 9.0.5...
CVE-2024-6025
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks...
CVE-2024-6025 Quiz and Survey Master < 9.0.5 - Contributor+ Stored XSS
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks...
CVE-2024-6025
The CVE-2024-6025 entry concerns the WordPress plug-in Quiz and Survey Master (QSM) prior to version 9.0.5. Multiple connected sources confirm a Stored Cross-Site Scripting vulnerability arising from insufficient sanitisation/escaping of certain quiz settings, enabling an attacker with Contributo...
WordPress plugin Quiz and Survey Master security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
WordPress Quiz And Survey Master Plugin < 9.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: Quiz And Survey Master; Type: Plugin; Vulnerable versions: 9.0.5; Fixed in: 9.0.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6025; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 041e8eaa0b85; Credits: Dmitrii Ignatyev...
CVE-2024-39063
Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equivalent GET requests...
LimeSurvey Security Breach
LimeSurvey (formerly known as PHPSurveyor) is an open source online survey program from the LimeSurvey team that supports survey program development, survey distribution, and data collection. A security vulnerability exists in LimeSurvey 6.5.12 and earlier versions, which stems from vulnerability t...
PT-2024-28342 · Unknown · Limesurvey
Name of the Vulnerable Software and Affected Versions: Lime Survey versions 6.5.12 and earlier. Description: The issue concerns a Cross Site Request Forgery (CSRF) problem. Specifically, the YII_CSRF_TOKEN is checked only when passed in the body of POST requests, but this check is not performed for...
CVE-2024-39063
LimeSurvey
CVE-2024-5606 Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by users with the Contributor role and above...
PT-2024-36695 · WordPress · The Quiz/Survey Master
Name of the Vulnerable Software and Affected Versions: The Quiz and Survey Master (QSM) WordPress plugin versions prior to 9.0.2. Description: The issue concerns a SQL injection due to the lack of validation and escaping of the question_id parameter in the "qsm_bulk_delete_question_from_database" AJ...
Cross Site Scripting (XSS)
zenml is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input neutralization during web page generation within the survey redirect parameter, which allows an attacker to execute arbitrary JavaScript code in the context of the user's browser session...
CVE-2024-4934
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-4934
CVE-2024-4934 affects the Quiz and Survey Master (QSM) WordPress plugin, before version 9.0.2. The root cause is that certain quiz fields are not validated or escaped before being output on pages/posts where the quiz is embedded, enabling Stored XSS by users with the Contributor role or higher. R...
PT-2024-33478 · WordPress · Quiz/Survey Master
Name of the Vulnerable Software and Affected Versions: The Quiz and Survey Master (QSM) WordPress plugin versions prior to 9.0.2. Description: The issue concerns a lack of validation and escaping of certain Quiz fields in the QSM WordPress plugin, which could allow users with the contributor role an...