Is CVE-2021-20792 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Expresstech Quiz And Survey Master

CVE-2021-20792

Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.

EPSS: 0.035 (87.7th percentile) — read the EPSS interpretation.

Affected products

Expresstech Quiz And Survey Master — versions versions prior to 7.1.14

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates

References

quizandsurveymaster.com/ (x_refsource_MISC)
wordpress.org/plugins/quiz-master-next/ (x_refsource_MISC)
plugins.trac.wordpress.org/changeset (x_refsource_MISC)
jvn.jp/en/jp/JVN65388002/index.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-20792?: CVE-2021-20792 is a vulnerability in Expresstech Quiz And Survey Master. Published 2021-08-18.
Is CVE-2021-20792 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.