CVE-2021-47962

Savsoft Quiz 5.0 Persistent Cross-Site Scripting via User Settings

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edit_user endpoint, which execute in the browsers of users viewing the affected profile after submission.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Productos afectados

savsofts · Savsoft Quiz

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/49825no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/savsofts/savsoftquiz_v5 https://savsoftquiz.com https://www.exploit-db.com/exploits/49825 https://www.vulncheck.com/advisories/savsoft-quiz-persistent-cross-site-scripting-via-user-settings