CVE-2016-11085

Severity CVSS v4.0:
Pending analysis
Type:
CWE-352 Cross-Site Request Forgery (CSRF)
Publication date:
16/08/2020
Last modified:
21/08/2020

Description

php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:* 4.7.9 (excluding)