The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/ecf6a082-b563-42c4-9d8c-3757aa6b696f | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-10-11T10:45:42
Updated: 2021-10-11T10:45:42
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24691
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-10-11T11:15:09.163
Modified: 2021-10-15T16:27:15.527
Link: CVE-2021-24691
JSON object: View
Redhat Information
No data.
CWE