CVE-2019-17599

Name of the Vulnerable Software and Affected Versions Quiz And Survey Master plugin versions prior to 6.3.5

Description The issue allows an attacker to execute arbitrary HTML and JavaScript code. This can occur via the from or till parameter, and/or the quiz id parameter, in the admin/quiz-options-page.php component. The attack vector involves a reflected XSS that may execute when an Administrator clicks on a malicious URL while logged in.

Recommendations For versions prior to 6.3.5, update to version 6.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/quiz-options-page.php component to minimize the risk of exploitation. Avoid using the from, till, and quiz id parameters in the affected component until the issue is resolved.