Data from “Open End” questions is not escaped properly (the the_content() function is used).
The XSS is visible to the admin.
Proof of Concept:
If an exam has at least one “Open End” question, it is possible to add XSS there, for example:
It will be visible to the user after sending the form and also to the admin:
The admin must press the “view” button, which loads:
- 21-10-2014: Discovered
- 12-11-2014: Vendor notified
- 12-11-2014: Version 22.214.171.124 released, issue resolved
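
The escaping problem described in this advisory, as an added example that is not taken from the advisory or from the plugin's code: a stored open-end answer rendered without and with output escaping. The function names and the sample answer are constructed, and plain PHP's htmlspecialchars() stands in for WordPress's esc_html() so the file runs without WordPress.

```php
<?php
// Added illustration. render_answer_unsafe(), render_answer_safe() and the
// sample answer are hypothetical; they are not the plugin's own code.

// Vulnerable pattern: the stored answer is treated like trusted post content.
// A formatting pass (nl2br here) adds markup but removes none, so any HTML
// the test taker typed reaches the browser unchanged.
function render_answer_unsafe(string $answer): string
{
    return '<div class="answer">' . nl2br($answer) . '</div>';
}

// Hardened pattern: escape at output time, then apply formatting.
// Inside WordPress the escaping call would be esc_html($answer).
function render_answer_safe(string $answer): string
{
    $escaped = htmlspecialchars($answer, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="answer">' . nl2br($escaped) . '</div>';
}

// Constructed sample of text submitted in an open-end answer field.
$answer = "My answer\n<script>alert(1)</script>";

$unsafe = render_answer_unsafe($answer);
$safe   = render_answer_safe($answer);

// Unsafe output keeps a live <script> element; this is what both the
// test taker's result page and the admin's "view" page would receive.
var_dump(strpos($unsafe, '<script>') !== false);

// Safe output carries the same text as inert character references.
var_dump(strpos($safe, '<script>') === false);
var_dump(strpos($safe, '&lt;script&gt;') !== false);

echo $safe, "\n";
```

Escaping belongs on every page that displays the answer, including admin-only views, because the stored value is the same in both places.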