CVE-2021-20792

Опубликовано: 18 авг. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.

Ссылки

https://jvn.jp/en/jp/JVN65388002/index.html
Third Party Advisory
https://plugins.trac.wordpress.org/changeset?new=2503364%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php&old=2490516%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php
Patch
Third Party Advisory
https://quizandsurveymaster.com/
Product
https://wordpress.org/plugins/quiz-master-next/
Product
Release Notes
https://jvn.jp/en/jp/JVN65388002/index.html
Third Party Advisory
https://plugins.trac.wordpress.org/changeset?new=2503364%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php&old=2490516%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php
Patch
Third Party Advisory
https://quizandsurveymaster.com/
Product
https://wordpress.org/plugins/quiz-master-next/
Product
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*

Версия до 7.1.14 (исключая)

EPSS

Процентиль: 93%

0.09536

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-pv46-7c32-rmg5

github

больше 3 лет назад