CVE-2019-17599: XSS
First published: Fri Dec 13 2019(Updated: )
The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Expresstech Quiz And Survey Master | <6.3.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-17599?
CVE-2019-17599 is a vulnerability in the Quiz And Survey Master plugin before version 6.3.5 for WordPress, which allows an attacker to execute arbitrary HTML and JavaScript code via certain parameters.
What is the impact of CVE-2019-17599?
The impact of CVE-2019-17599 is that it allows an attacker to execute arbitrary HTML and JavaScript code.
How does CVE-2019-17599 affect the Quiz And Survey Master plugin?
CVE-2019-17599 affects the Quiz And Survey Master plugin by allowing an attacker to execute arbitrary HTML and JavaScript code through specific parameters.
What is the severity of CVE-2019-17599?
The severity of CVE-2019-17599 is medium with a CVSS score of 6.1.
How can I fix CVE-2019-17599 in the Quiz And Survey Master plugin?
To fix CVE-2019-17599, you should update the Quiz And Survey Master plugin to version 6.3.5 or later.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/expresstech
- canonical/expresstech quiz and survey master