Quiz And Survey Master < 6.3.5 - Authenticated Reflected XSS



Proof of Concept
https://domain.tld/wp-admin/admin.php?page=mlw_quiz_options&quiz_id=<PAYLOAD>

Affects Plugin

References

CVE 2019-17599
URL https://github.com/QuizandSurveyMaster/quiz_master_next/issues/795

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Views 202678
Verified No
WPVDB ID 9977

Timeline

Publicly Published 2019-11-13 (8 months ago)
Added 2019-12-13 (7 months ago)
Last Updated 2019-12-14 (7 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin