Stored Cross-Site Scripting in Savsoft Quiz 6.0
CVE-2024-34401

6.1 MEDIUM

Key Information:

Vendor: Savsoft
CVE Published: 3 May 2024

What is CVE-2024-34401?

Savsoft Quiz 6.0 is vulnerable to stored cross-site scripting (XSS). An attacker can inject malicious scripts through the quiz_name parameter in the index.php file during the quiz insertion process. Once stored, the script executes whenever a user accesses the affected quiz entry. Exploitation can lead to data theft, session hijacking, and other unauthorized actions performed on behalf of the user. The implications for users' privacy and security are significant, so administrators and users of Savsoft Quiz should ensure that the necessary patches and mitigations are applied.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published
