Lucene search
WpvulndbWPVDB-ID:29008D1A-62B3-4F40-B5A3-134455B01595HistoryMar 03, 2023 - 12:00 a.m.
Watu Quiz < 3.3.9.1 - Reflected XSS
2023-03-0300:00:00
wpscan.com
11
watu quiz
plugin vulnerability
reflected xss
cross-site scripting
admin privilege.
0.003 Low
EPSS
Percentile
65.8%
The plugin does not sanitise and escape some parameters ((such as email, dn, date and points) before outputting then back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PoC
https://example.com/wp-admin/admin.php?page=watu_takings&exam;_id=1&dn;="%2Fonmouseover%3Dalert(/XSS/)%2F%2F
Related
wpexploit
wpexploit
Watu Quiz < 3.3.9.1 - Reflected XSS
2023-03-03 00:00:00
cve
cve
CVE-2023-0968
2023-03-03 22:15:09
cvelist
cvelist
CVE-2023-0968
2023-03-03 21:29:17
prion
prion
Cross site scripting
2023-03-03 22:15:00
nvd
nvd
CVE-2023-0968
2023-03-03 22:15:09
nuclei
nuclei
WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting
2023-03-31 11:28:24
packetstorm
packetstorm
zdt
zdt
wordfence
wordfence