Submit #778101: SourceCodester Online Quiz System 1.0 Cross Site Scripting

Title: SourceCodester Online Quiz System 1.0 Cross Site Scripting
Description: A Stored Cross-Site Scripting (XSS) vulnerability was discovered in SourceCodester Online Quiz System 1.0. The issue occurs in the Add Question functionality located in endpoint/add-question.php. The application fails to properly sanitize user-supplied input provided through the HTTP POST parameters quiz_question, option_a, option_b, option_c, and option_d. By injecting malicious JavaScript payloads into these parameters, an attacker can store arbitrary scripts within the application's database. When the stored data is later displayed in quiz.php or take-quiz.php, the injected script is rendered without proper output encoding and executed automatically in the browser of users viewing the affected content. This vulnerability allows attackers to perform Stored Cross-Site Scripting attacks that may lead to session hijacking, credential theft, phishing attacks, or manipulation of quiz content. The attack can be initiated remotely by an authenticated user with permission to submit quiz questions. Public proof-of-concept and exploitation details have been disclosed.
Source: https://gist.github.com/Mohdanass/5992b65cca5612c036f1d31d8d8f0646
User: Anas22335 (UID 96357)
Submission: 11.03.2026 22:08 (23 days ago)
Moderation: 27.03.2026 09:55 (15 days later)
Status: Accepted
VulDB entry: 353860 [SourceCodester Online Quiz System up to 1.0 add-question.php quiz_question Cross Site Scripting]
Points: 20
