Vulnerability Description
The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Expresstech | Quiz And Survey Master | < 6.3.5 |
Related Weaknesses (CWE)
References
- https://github.com/QuizandSurveyMaster/quiz_master_next/issues/795ExploitThird Party Advisory
- https://github.com/QuizandSurveyMaster/quiz_master_next/pull/796Third Party Advisory
- https://wordpress.org/plugins/quiz-master-next/#developersRelease Notes
- https://wpvulndb.com/vulnerabilities/9977ExploitThird Party Advisory
- https://github.com/QuizandSurveyMaster/quiz_master_next/issues/795ExploitThird Party Advisory
- https://github.com/QuizandSurveyMaster/quiz_master_next/pull/796Third Party Advisory
- https://wordpress.org/plugins/quiz-master-next/#developersRelease Notes
- https://wpvulndb.com/vulnerabilities/9977ExploitThird Party Advisory
FAQ
What is CVE-2019-17599?
CVE-2019-17599 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScri...
How severe is CVE-2019-17599?
CVE-2019-17599 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-17599?
Check the references section above for vendor advisories and patch information. Affected products include: Expresstech Quiz And Survey Master.