CVE-2024-6025

Source
https://cve.org/CVERecord?id=CVE-2024-6025
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6025.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-6025
Published
2024-07-11T06:00:04.031Z
Modified
2026-07-08T06:27:42.049513133Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L CVSS Calculator
Summary
Quiz and Survey Master < 9.0.5 - Contributor+ Stored XSS
Details

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "9.0.5"
                }
            ]
        },
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "fixed": "9.0.5"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/6xxx/CVE-2024-6025.json",
    "cna_assigner": "WPScan"
}
References

Affected packages

Git / github.com/quizandsurveymaster/quiz_master_next

Affected ranges

Type
GIT
Repo
https://github.com/quizandsurveymaster/quiz_master_next
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "9.0.5"
        }
    ]
}

Affected versions

3.*
3.3.3
3.4.1
3.5.1
3.5.2
3.6.1
3.7.1
3.8.1
3.8.2
3.9.0
4.*
4.0.0
4.0.1
4.1.0
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.3.0
4.3.1
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.6.0
4.6.1
4.6.2
4.6.3
4.6.4
4.6.5
4.6.6
4.6.7
4.7.0
4.7.1
4.7.10
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6
4.7.7
4.7.8
4.7.9
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.3.0
5.3.1
5.3.2
6.*
6.0
6.0.1
6.0.2
6.0.3
6.0.4
6.1.0
6.1.1
6.1.2
6.2.0
6.2.1
6.3.1
6.3.2
6.3.3
6.3.5
6.3.6
6.4
6.4.1
6.4.2
7.*
7.3.10
7.3.11
7.3.12
7.3.13
7.3.14
7.3.9
8.*
8.0
8.0.1
8.0.10
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.0.7
8.0.8
8.0.9
8.1.0
8.1.1
8.1.10
8.1.11
8.1.12
8.1.13
8.1.14
8.1.16
8.1.17
8.1.18
8.1.19
8.1.2
8.1.3
8.1.5
8.1.7
8.1.8
8.1.9
8.2.0
8.2.1
8.2.2
8.2.3
9.*
9.0.0
9.0.1
9.0.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6025.json"