CVE-2021-24368

CVE-2021-24368: Quiz And Survey Master < 7.1.18 - Reflected Cross-Site Scripting (XSS)

Vendor Expresstech
Product Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress
Weakness CWE-79 · XSS
Published June 20, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link

Key dates

02Disclosure timeline

June 20, 2021 CVE published
August 3, 2024 Record updated