SourceCodester Online Quiz System take-quiz.php cross site scripting
CVE-2023-6473

5.4MEDIUM

Key Information:

Vendor

SourceCodester
Status
Online Quiz System
Vendor
CVE Published:
2 December 2023

What is CVE-2023-6473?

A vulnerability, which was classified as problematic, was found in SourceCodester Online Quiz System 1.0. This affects an unknown part of the file take-quiz.php. The manipulation of the argument quiz_taker/year_section leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246639.

Affected Version(s)

Online Quiz System 1.0

References

https://vuldb.com/?id.246639
vdb-entrytechnical-description
https://vuldb.com/?ctiid.246639
signaturepermissions-required
https://www.yuque.com/u39339523/el4dxs/mmvgxz2hgb5na0aw
exploit

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

whs123 (VulDB User)
.