CVE-2016-11085

php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element.

View Full Alert

Related Posts

  • CVE-2016-1000229

    swagger-ui has XSS in key names View Full Alert

  • CVE-2016-1000022

    negotiator before 0.6.1 is vulnerable to a regular expression DoS View Full Alert

  • CVE-2016-10937

    IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. View Full Alert