savsofts/savsoftquiz_v5
GitHub
Releases0
Stars67
Create & manage online quizzes, tests & exams on your website or server with many eLearning features
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 6.4 MEDIUM | — | ||
Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edit_user endpoint, which execute in the browsers of users viewing the affected profile after submission. | |||
| 6.1 MEDIUM | 4.3 MEDIUM | ||
A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field. | |||