← back
CVE-2021-47962

Savsoft Quiz 5.0 Persistent Cross-Site Scripting via User Settings

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edit_user endpoint, which execute in the browsers of users viewing the affected profile after submission.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
savsofts · Savsoft Quiz
public PoCs found1
cve_referencewww.exploit-db.com/exploits/49825unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/savsofts/savsoftquiz_v5https://savsoftquiz.comhttps://www.exploit-db.com/exploits/49825https://www.vulncheck.com/advisories/savsoft-quiz-persistent-cross-site-scripting-via-user-settings