CVE-2021-20792

EPSS 3.5%

Vexday Risk Score

18Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 3.5%KEV nãoPoC —Nuclei simMetasploit —Patch —

Lifecycle

18 Aug 2021Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.

Affected products

ExpressTech · Quiz And Survey Master

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jvn.jp/en/jp/JVN65388002/index.html https://plugins.trac.wordpress.org/changeset?new=2503364%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php&old=2490516%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php https://quizandsurveymaster.com/https://wordpress.org/plugins/quiz-master-next/