Description
Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.
Affected products
- expresstech / Quiz And Survey Masterversions prior to 7.1.14 – versions prior to 7.1.14
Exploits & PoCs
- nucleiWordPress Quiz and Survey Master <7.1.14 - Cross-Site Scriptingby dhiyaneshDK
References
- MISChttps://quizandsurveymaster.com/
- MISChttps://wordpress.org/plugins/quiz-master-next/
- MISChttps://plugins.trac.wordpress.org/changeset?new=2503364%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php&old=2490516%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php
- MISChttps://jvn.jp/en/jp/JVN65388002/index.html