CVE-2019-17599 – Quiz And Survey Master <= 6.3.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-17599
13 Nov 2019 — The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. • https://github.com/QuizandSurveyMaster/quiz_master_next/issues/795 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18513 – Responsive Menu <= 3.1.3 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-18513
14 Aug 2019 — The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface. • https://wordpress.org/plugins/responsive-menu/#developers • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2016-11085 – Quiz And Survey Master <= 4.7.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-11085
15 Dec 2016 — php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element. • https://security.dxw.com/advisories/csrfstored-xss-in-quiz-and-survey-master-formerly-quiz-master-next-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF)