The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/f7b95789-43f2-42a5-95e6-eb7accbd5ed3 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-11-08T17:35:09
Updated: 2021-11-08T17:35:09
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24701
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-08T18:15:09.220
Modified: 2021-11-10T19:22:21.877
Link: CVE-2021-24701
JSON object: View
Redhat Information
No data.
CWE