The XOOPS Quiz Module allows users to post pop quizzes online, a vulnerability in the module allows remote attackers to insert malicious HTML and JavaScript code into the quiz.
Credit:
The information has been provided by magistrat.
If the moderating/administrator of this module allows the online development of questions, he takes a risk that someone will post something like this:
<IMG SRC="javascript:alert('blocus-zone')"> placed in a multiple answer.
(Note that the code that we have a presented here is not dangerous, however there are some codes much more malicious)
To verify questions elaborated by his member, the moderator or admin goes to visualize before the proposal, even then, a pop up creates a page in his final form to give a visualization to the approver of questions/quiz, and this cause automatically the bug on browser, without that the administrator or the moderator have not been able to perceive him before.
