CVEs-PoC/2016/CVE-2016-11085.md at main

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-02-13 03:02:49 +00:00

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

897 B

Raw Permalink Blame History

CVE-2016-11085

Description

php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element.

POC

Reference

https://security.dxw.com/advisories/csrfstored-xss-in-quiz-and-survey-master-formerly-quiz-master-next-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can/

Github

https://github.com/20142995/nuclei-templates
https://github.com/ARPSyndicate/cvemon

897 B Raw Permalink Blame History

CVE-2016-11085

Description

POC

Reference

Github

897 B

Raw Permalink Blame History