CVE-2023-3575

Exploit

EPSS 0.15%
Veröffentlicht 07.08.2023 15:15:11
Zuletzt bearbeitet 23.04.2025 17:16:38
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Quiz And Survey Master <= 8.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Question Title

The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks

Mögliche Gegenmaßnahme

Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker: Update to version 8.1.11, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker

Version *-8.1.10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Expresstech ≫ Quiz And Survey Master SwPlatformwordpress Version < 8.1.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.364

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins

Exploit

https://wpscan.com/vulnerability/6f884688-2c0d-4844-bd31-ef7085edf112

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/19cb39d4-f2b4-4f94-8896-ba714567e1ed

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3575

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3575

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3575

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-3575