Submission #778101: SourceCodester Online Quiz System 1.0 Cross Site Scripting

Title: SourceCodester Online Quiz System 1.0 Cross Site Scripting
Description: A Stored Cross-Site Scripting (XSS) vulnerability was discovered in SourceCodester Online Quiz System 1.0. The issue occurs in the Add Question functionality located in endpoint/add-question.php. The application fails to properly sanitize user-supplied input provided through the HTTP POST parameters quiz_question, option_a, option_b, option_c, and option_d. By injecting malicious JavaScript payloads into these parameters, an attacker can store arbitrary scripts within the application's database. When the stored data is later displayed in quiz.php or take-quiz.php, the injected script is rendered without proper output encoding and executed automatically in the browser of users viewing the affected content. This vulnerability allows attackers to perform Stored Cross-Site Scripting attacks that may lead to session hijacking, credential theft, phishing attacks, or manipulation of quiz content. The attack can be initiated remotely by an authenticated user with permission to submit quiz questions. Public proof-of-concept and exploitation details have been disclosed.
Source: ⚠️ https://gist.github.com/Mohdanass/5992b65cca5612c036f1d31d8d8f0646
User: Anas22335 (UID 96357)
Submission: March 11, 2026 22:08 (25 days ago)
Moderation: March 27, 2026 09:55 (15 days later)
Status: Accepted
VulDB Entry: 353860 [SourceCodester Online Quiz System up to 1.0 add-question.php quiz_question cross site scripting]
Points: 20
