Vulnerabilities > Expresstech > Quiz AND Survey Master > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-28 | CVE-2021-36863 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master Auth. | 5.4 |
| 2022-01-17 | CVE-2022-0180 | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Quiz and Survey Master Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page. | 6.8 |
| 2022-01-17 | CVE-2022-0181 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 4.3 |
| 2021-08-18 | CVE-2021-20792 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors. | 4.3 |
| 2021-06-20 | CVE-2021-24368 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. | 6.1 |
| 2021-01-01 | CVE-2020-35951 | Incorrect Authorization vulnerability in Expresstech Quiz and Survey Master An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. | 6.4 |
| 2020-08-16 | CVE-2016-11085 | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Quiz and Survey Master php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element. | 4.3 |
| 2019-12-13 | CVE-2019-17599 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). | 4.3 |