First published: Fri Dec 13 2019(Updated: )
The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Expresstech Quiz And Survey Master | <6.3.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-17599 is a vulnerability in the Quiz And Survey Master plugin before version 6.3.5 for WordPress, which allows an attacker to execute arbitrary HTML and JavaScript code via certain parameters.
The impact of CVE-2019-17599 is that it allows an attacker to execute arbitrary HTML and JavaScript code.
CVE-2019-17599 affects the Quiz And Survey Master plugin by allowing an attacker to execute arbitrary HTML and JavaScript code through specific parameters.
The severity of CVE-2019-17599 is medium with a CVSS score of 6.1.
To fix CVE-2019-17599, you should update the Quiz And Survey Master plugin to version 6.3.5 or later.