12 Jan

Vulnerability Details: Persistent Cross-Site Scripting (XSS) Vulnerability in Chained Quiz

This post's content is only accessible to those who have an active account with our service.

If you currently have one then please log in to view the content.

If you don't currently have one, you can get free access to this content, as when you sign up now you can try the service for free for the first month (there are a lot of other reason that you will want to sign up beyond access to this post's content).

If you are a security researcher please contact us to get free access to all of our Vulnerability Details posts.

2 thoughts on “Vulnerability Details: Persistent Cross-Site Scripting (XSS) Vulnerability in Chained Quiz

  1. “Any available cookies will be shown in alert box on that page.”

    This is simply not true. The HTML is shown as HTML on the page because it is escaped. The plugin MUST allow all kind of input from users because it can be used to examine HTML knowledge.

    • Prior to what you are quoting we noted the vulnerability was fixed by escaping the output. The proof of concept you are quoting shows how the vulnerability would be exploited in prior versions, before the escaping was done, so that seems to be what is confusing you about this.

Leave a Reply

Your email address will not be published. Required fields are marked *