exploitDog

CVE-2023-3575

Опубликовано: 07 авг. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks

Ссылки

https://wpscan.com/vulnerability/6f884688-2c0d-4844-bd31-ef7085edf112
Exploit
Third Party Advisory
https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins
Exploit
https://wpscan.com/vulnerability/6f884688-2c0d-4844-bd31-ef7085edf112
Exploit
Third Party Advisory
https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*

Версия до 8.1.11 (исключая)

EPSS

Процентиль: 36%

0.00152

Низкий

5.4 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-gp25-f9vr-66pv

CVSS3: 5.4

github

больше 2 лет назад

The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks

EPSS

Процентиль: 36%

0.00152

Низкий

5.4 Medium

CVSS3

Дефекты