Stored XSS Vulnerability in W. W. Norton InQuizitive Platform
CVE-2025-32809

6.4 MEDIUM

Key Information:

Vendor
CVE Published: 11 April 2025

What is CVE-2025-32809?

The InQuizitive platform developed by W. W. Norton is vulnerable to stored XSS: a malicious student can inject scripts through the bonus description, feedback.choice_fb[], or question_id fields. The injected script executes whenever an educator interacts with the compromised content, which can compromise the security of the educator's account. Mitigating this class of issue requires stringent input validation and sanitization of user-supplied data.

Affected Version(s)

InQuizitive 0 <= 2025-04-08

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
