Client-Side Injection Vulnerability in W. W. Norton InQuizitive
CVE-2025-32808

7.7HIGH

Key Information:

Vendor: W. W. Norton
Status: Inquizitive
Vendor: CVE Published:; 11 April 2025

🔔 Create W. W. Norton Vulnerability Alert

What is CVE-2025-32808?

W. W. Norton InQuizitive contains a vulnerability that permits students to manipulate their quiz performance records within the application. This issue arises due to insufficient server-side validation, allowing arbitrary records to be inserted via client-side access control, posing a significant risk of data integrity and trust in the assessment process.

Affected Version(s)

InQuizitive 0 <= 2025-04-08

References

https://medium.com/@JIT_Shellcode/inquizitive-client-side...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Apr 10, 2025

JSON