WPEX-ID: A2270EE1-3211-4B16-B3D7-6CDD732F7155
History: Jun 10, 2024 - 12:00 a.m.

Quiz And Survey Master < 9.0.2 - Contributor+ Stored XSS

Published: 2024-06-10 00:00:00
Author: Krugov Aryom
Tags: quiz and survey master, contributor+, stored xss, vulnerability, june 24 2024, update

AI Score: 5.9
Confidence: High
EPSS: 0
Percentile: 9.1%

Description: The plugin does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

1. Go to Quizzes & Surveys
2. Add/edit a question on a Quiz, and put the following payload in the answer field: <img src=x onerror=alert(/XSS/)>
3. Add the Quiz to a post (via Add block for example) and save

The XSS is triggered when any user edits the post and clicks on the Quiz.
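As an added illustration of the escaping defect this advisory describes (hypothetical code, not the plugin's own), the following PHP snippet renders a stored answer field the unsafe way and then two safe ways. Function and variable names are assumed; inside WordPress it uses the real esc_html() and wp_kses(), and the guarded fallbacks let it run as plain PHP for demonstration.

```php
<?php
// Hypothetical rendering of a quiz answer option; not code from the plugin.
// The answer text was saved by a Contributor, who lacks unfiltered_html,
// so it must be treated as untrusted HTML at output time.
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('wp_kses')) {
    // Simplified stand-in for WordPress wp_kses(): drop every tag not in the
    // allowlist (the real function also strips disallowed attributes).
    function wp_kses($text, $allowed) {
        return strip_tags((string) $text, '<' . implode('><', array_keys($allowed)) . '>');
    }
}

// Vulnerable pattern: the stored field is concatenated into the page unchanged,
// so a saved <img src=x onerror=...> runs for whoever views or edits the post.
function render_answer_unsafe($answer) {
    return '<li class="answer">' . $answer . '</li>';
}

// Fix 1: answers are plain text, so escape on output.
function render_answer_escaped($answer) {
    return '<li class="answer">' . esc_html($answer) . '</li>';
}

// Fix 2: answers may carry limited formatting, so keep only an allowlist of tags.
function render_answer_filtered($answer) {
    $allowed = array('b' => array(), 'i' => array(), 'em' => array(), 'strong' => array());
    return '<li class="answer">' . wp_kses($answer, $allowed) . '</li>';
}

// Constructed sample input: the payload from the reproduction steps above.
$sample = '<img src=x onerror=alert(/XSS/)>';
echo render_answer_unsafe($sample), "\n";   // tag survives intact
echo render_answer_escaped($sample), "\n";  // rendered as visible text
echo render_answer_filtered($sample), "\n"; // img tag removed
```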

