Submit #778101: SourceCodester Online Quiz System 1.0 Cross Site Scriptinginfo

TitleSourceCodester Online Quiz System 1.0 Cross Site Scripting
DescriptionA Stored Cross-Site Scripting (XSS) vulnerability was discovered in SourceCodester Online Quiz System 1.0. The issue occurs in the Add Question functionality located in endpoint/add-question.php. The application fails to properly sanitize user-supplied input provided through the HTTP POST parameters quiz_question, option_a, option_b, option_c, and option_d. By injecting malicious JavaScript payloads into these parameters, an attacker can store arbitrary scripts within the application's database. When the stored data is later displayed in quiz.php or take-quiz.php, the injected script is rendered without proper output encoding and executed automatically in the browser of users viewing the affected content. This vulnerability allows attackers to perform Stored Cross-Site Scripting attacks that may lead to session hijacking, credential theft, phishing attacks, or manipulation of quiz content. The attack can be initiated remotely by an authenticated user with permission to submit quiz questions. Public proof-of-concept and exploitation details have been disclosed.
Source⚠️ https://gist.github.com/Mohdanass/5992b65cca5612c036f1d31d8d8f0646
User
 Anas22335 (UID 96357)
Submission03/11/2026 22:08 (4 months ago)
Moderation03/27/2026 09:55 (15 days later)
StatusAccepted
VulDB entry353860 [SourceCodester Online Quiz System up to 1.0 add-question.php quiz_question cross site scripting]
Points20

Want to know what is going to be exploited?

We predict KEV entries!