Vulnerability Description
Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edit_user endpoint, which execute in the browsers of users viewing the affected profile after submission.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/savsofts/savsoftquiz_v5
- https://savsoftquiz.com
- https://www.exploit-db.com/exploits/49825
- https://www.vulncheck.com/advisories/savsoft-quiz-persistent-cross-site-scriptin
FAQ
What is CVE-2021-47962?
CVE-2021-47962 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers ...
How severe is CVE-2021-47962?
CVE-2021-47962 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-47962?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.