Quiz And Survey Master < 7.3.7 – Reflected Cross-Site Scripting | CVE 2022-0181

Affects Plugins

quiz-master-next

Fixed in 7.3.7

References

CVE

CVE-2022-0181

URL

https://jvn.jp/en/jp/JVN72788165/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

Daiki Sueyoshi

Verified

No

WPVDB ID

8c10cf53-5ddb-49b7-a1db-eea6a58f64ee

Timeline

Publicly Published

2022-01-12 (about 4 years ago)

Added

2022-01-12 (about 4 years ago)

Last Updated

2022-04-09 (about 4 years ago)

Other

Published

Title

Published

2024-06-28

Title

Login with phone number < 1.7.36 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2024-09-23

Title

Garden Gnome Package < 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2022-08-15

Title

Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Multiple Reflected Cross-Site Scripting

Published

2023-10-20

Title

EventON < 2.2.3 - Reflected Cross Site Scripting

Published

2026-04-07

Title

Blubrry PowerPress < 11.15.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via powerpress and podcast Shortcodes