The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allows contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks.
Metrics
Affected Vendors & Products
References
History
Wed, 28 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Expresstech
Expresstech quiz And Survey Master |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Expresstech
Expresstech quiz And Survey Master |
|
Metrics |
cvssV3_1
|
Mon, 26 Aug 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allows contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks. | |
Title | Quiz and Survey Master (QSM) < 9.1.1 - Contributor+ Stored XSS | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-08-26T06:00:01.427Z
Updated: 2024-08-28T15:01:26.636Z
Reserved: 2024-07-18T09:31:28.894Z
Link: CVE-2024-6879
Vulnrichment
Updated: 2024-08-28T15:01:18.772Z
NVD
Status : Awaiting Analysis
Published: 2024-08-26T06:15:04.867
Modified: 2024-08-28T15:35:24.120
Link: CVE-2024-6879
Redhat
No data.