Quiz And Survey Master < 7.3.7 – Low Privilege Stored Cross-Site Scripting | CVE 2022-0182

Affects Plugins

quiz-master-next

Fixed in 7.3.7

References

CVE

CVE-2022-0182

URL

https://jvn.jp/en/jp/JVN72788165/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.4 (medium)

Miscellaneous

Original Researcher

Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc

Verified

No

WPVDB ID

bfedf3c4-da8f-4996-b3d2-0af7627cd739

Timeline

Publicly Published

2022-01-12 (about 4 years ago)

Added

2022-01-12 (about 4 years ago)

Last Updated

2022-04-09 (about 3 years ago)

Other

Published

Title

Published

2025-12-05

Title

Live Sales Notification for Woocommerce – Woomotiv <= 3.6.3 - Reflected Cross-Site Scripting

Published

2024-08-22

Title

Gixaw Chat <= 1.0 - Stored XSS via CSRF

Published

2024-11-13

Title

ReConstruction <= 1.4.7 - Reflected Cross-Site Scripting

Published

2024-08-18

Title

Backup Database <= 4.9 - Admin+ Stored XSS

Published

2024-12-02

Title

BMLT Tabbed Map < 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting