WordPress Plugin Vulnerabilities

Quiz And Survey Master < 7.1.19 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description

When the "Disable collecting and storing IP addresses?" setting is not used, the plugin retrieves the IP address of the submitting user via various methods, such as $_SERVER['REMOTE_ADDR'], but also from arbitrary headers, which can be tampered with. The final IP is not sanitised or validated before being output in the results table in the admin dashboard, leading to a Stored Cross-Site Scripting issue. This could allow an unauthenticated attacker to submit a malicious result containing an XSS payload, which will be triggered when an administrator views the results table.
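The two controls missing in the flow described above, validating the address before it is stored and escaping it when the results table is rendered, are sketched below as an added example; it is not the plugin's code or its 7.1.19 patch. The function names, the trusted-proxy list and the choice of X-Forwarded-For as the client-supplied header are assumptions, and the sample requests are constructed.

```php
<?php
// Added example: hypothetical helpers, not taken from Quiz And Survey Master.

/**
 * Return a validated client IP, or the placeholder 'unknown'.
 * REMOTE_ADDR is set by the web server; forwarded headers are client-supplied
 * and are read only when the request comes from a known reverse proxy.
 */
function example_get_client_ip(array $server, array $trusted_proxies = []): string
{
    $remote     = $server['REMOTE_ADDR'] ?? '';
    $candidates = [];

    // Assumed header name; ignored unless the direct peer is a trusted proxy.
    if (in_array($remote, $trusted_proxies, true) && !empty($server['HTTP_X_FORWARDED_FOR'])) {
        // The header may hold a comma-separated chain; the right-most entry
        // is the one appended by the trusted proxy itself.
        $parts        = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        $candidates[] = end($parts);
    }
    $candidates[] = $remote;

    foreach ($candidates as $value) {
        // FILTER_VALIDATE_IP accepts only a literal IPv4 or IPv6 address.
        if (filter_var($value, FILTER_VALIDATE_IP) !== false) {
            return $value;
        }
    }
    return 'unknown';
}

/** Escape at output as well, so rows stored before validation existed stay inert. */
function example_render_ip_cell(string $stored_ip): string
{
    // esc_html() inside WordPress; htmlspecialchars() when run stand-alone.
    $escape = function_exists('esc_html')
        ? 'esc_html'
        : static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<td>' . $escape($stored_ip) . '</td>';
}

// Constructed sample requests (documentation address ranges).
$spoofed = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '<b>not-an-ip</b>'];
$proxied = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9'];
echo example_get_client_ip($spoofed), PHP_EOL;
echo example_get_client_ip($proxied, ['10.0.0.5']), PHP_EOL;
echo example_render_ip_cell('<b>legacy row</b>'), PHP_EOL;
```

Validation on input keeps markup out of the database, while escaping on output covers values already stored by an affected version.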

Proof of Concept

Affects Plugins

Fixed in 7.1.19

References

Classification

Type
XSS
CWE
CVSS

Miscellaneous

Verified
Yes

Timeline

Publicly Published
2021-06-03 (about 4 years ago)
Added
2021-06-03 (about 4 years ago)
Last Updated
2021-06-03 (about 4 years ago)

Other