PatchSiren cyber security CVE debrief
CVE-2026-40787 ExpressTech CVE debrief
CVE-2026-40787 is an unauthenticated Cross Site Scripting (XSS) vulnerability affecting Quiz And Survey Master versions up to 11.0.0. The vulnerability has a CVSS score of 7.1 and is considered HIGH severity. It was published on [2026-06-15T21:16:50.943Z](https://www.cve.org/CVERecord?id=CVE-2026-40787) and last modified on [2026-06-15T21:24:32.790Z](https://www.cve.org/CVERecord?id=CVE-2026-40787).
- Vendor: ExpressTech
- Product: Quiz And Survey Master
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of Quiz And Survey Master plugin versions up to 11.0.0 should apply patches or mitigations to prevent exploitation of this vulnerability.
Technical summary
The vulnerability is caused by a lack of proper input validation and sanitization in the Quiz And Survey Master plugin. This allows an unauthenticated attacker to inject malicious JavaScript code, potentially leading to unauthorized actions or data theft.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates to Quiz And Survey Master plugin versions up to 11.0.0.
- Implement additional security measures such as input validation and Content Security Policy (CSP) headers.
Evidence notes
The CVE was published by the CVE Numbering Authority and details were provided by Patchstack.
Official resources
- CVE-2026-40787 CVE record (CVE.org)
- CVE-2026-40787 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-40787 was disclosed by Patchstack on 2026-06-15.