CVE-2023-6166
Published 2023-12-26
CVE-2023-6166: The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting
Priority: P4 · 22 · medium · 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.42% (33.7th percentile)
Affected: 1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ays-pro | quiz_maker | < 6.4.9.5 | 6.4.9.5 |
CVSS provenance
nvd · v3.1 · 6.1 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv · 7.8 · HIGH
GHSA
GHSA-8fxj-9pc3-pv45: The Quiz Maker WordPress plugin before 6
ghsa_unreviewed·2023-12-26
CVE-2023-6166 [MEDIUM] CWE-79 GHSA-8fxj-9pc3-pv45: The Quiz Maker WordPress plugin before 6
The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting
OSV
libcap2 vulnerability
osv·2023-06-19·CVSS 7.8
CVE-2023-2603 libcap2 vulnerability
USN-6166-1 fixed a vulnerability in libcap2. This update provides
the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM
and Ubuntu 18.04 ESM.
Original advisory details:
Richard Weinberger discovered that libcap2 incorrectly handled certain long
input strings. An attacker could use this issue to cause libcap2 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2023-2603)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-12-26