Cross-Site Scripting in ExamApp Plugin for WordPress
CVE-2017-18601

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Ibps Online Exam
Vendor: CVE Published:; 10 September 2019

Summary

The ExamApp plugin version 1.0 for WordPress is susceptible to a cross-site scripting (XSS) vulnerability through the input text fields within the exam feature. This flaw allows attackers to inject malicious scripts that execute in the context of an authenticated user's session. As a result, an unauthorized user could gain access to sensitive information or perform actions on behalf of the affected user, potentially compromising the integrity of the website and its users.

References

https://www.exploit-db.com/exploits/42351

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 10, 2019
Vulnerability Reserved
Sep 10, 2019