Qwiz Online Quizzes And Flashcards <= 3.36 - Unauthenticated Reflected Cross Site Scripting



Description
The qname, i_qwiz, session_id and username parameters passed to the registration_complete.php file are affected by XSS issues.

Plugin has been closed while the issue is being fixed.

Proof of Concept
The PoC will be displayed on September 24, 2019, to give users the time to update.

Affects Plugin

Fixed in version 3.37

References

PACKETSTORM 154403

Classification

Type: XSS
OWASP Top 10: A7: Cross-Site Scripting (XSS)
CWE: CWE-79

Miscellaneous

Original Researcher: Ricardo Sanchez
Verified: No
WPVDB ID: 9874

Timeline

Publicly Published: 2019-09-07 (16 days ago)
Added: 2019-09-10 (13 days ago)
Last Updated: 2019-09-12 (11 days ago)
