Vulnerability Name:

CVE-2022-0182 (CCN-217102)

Assigned:2022-01-12
Published:2022-01-12
Updated:2022-01-24
Summary:Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via a website that uses Quiz And Survey Master.
CVSS v3 Severity:5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): 
Attack Complexity (AC): 
Privileges Required (PR): 
User Interaction (UI): 
Scope:Scope (S): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availability (A): 
5.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): 
Attack Complexity (AC): 
Privileges Required (PR): 
User Interaction (UI): 
Scope:Scope (S): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availability (A): 
CVSS v2 Severity:3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Cross-Site Scripting
References:Source: MITRE
Type: CNA
CVE-2022-0182

Source: CCN
Type: JVN#72788165
Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master"

Source: XF
Type: UNKNOWN
wordpress-cve20220182-xss(217102)

Source: MISC
Type: Third Party Advisory
https://jvn.jp/en/jp/JVN72788165/index.html

Source: MISC
Type: Product
https://quizandsurveymaster.com/

Source: CCN
Type: WordPress Plugin Directory
ExpressTech Quiz And Survey Master plugin for WordPress

Source: MISC
Type: Vendor Advisory
https://wordpress.org/plugins/quiz-master-next/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:* (Version < 7.3.7)

  • Configuration CCN 1:
  • cpe:/a:expresstech:quiz_and_survey_master:7.3.4:*:*:*:*:wordpress:*:*
  • AND
  • cpe:/a:wordpress:wordpress:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2022-0182 (CCN-250286)

    Assigned:2022-01-11
    Published:2023-03-15
    Updated:2023-03-15
    Summary:NETGEAR devices could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
    CVSS v3 Severity:5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
    4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:U/RC:R)
    Exploitability Metrics:Attack Vector (AV): 
    Attack Complexity (AC): 
    Privileges Required (PR): 
    User Interaction (UI): 
    Scope:Scope (S): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
    6.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
    Exploitability Metrics:Attack Vector (AV): 
    Attack Complexity (AC): 
    Privileges Required (PR): 
    User Interaction (UI): 
    Scope:Scope (S): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    CVSS v2 Severity:3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): Single_Instance
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): None
    7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availability (A): Complete
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2022-0182

    Source: XF
    Type: UNKNOWN
    netgear-psv20220182-cmd-exec(250286)

    Source: CCN
    Type: NETGEAR Security Advisory: PSV-2022-0182
    Security Advisory for Post-Authentication Stack Overflow on Some Routers,

    Source: CCN
    Type: Netgear Web site
    Netgear

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/h:netgear:rbk752:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbr750:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbr840:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbs840:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbk852:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbr850:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbs850:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:cbr40:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbre960:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbse960:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    expresstech quiz and survey master *
    expresstech quiz and survey master 7.3.4
    wordpress wordpress -
    netgear rbk752 -
    netgear rbr750 -
    netgear rbr840 -
    netgear rbs840 -
    netgear rbk852 -
    netgear rbr850 -
    netgear rbs850 -
    netgear cbr40 -
    netgear rbre960 -
    netgear rbse960 -