Exploits / Vulnerability Discovered : 2021-05-05 |
Type : webapps |
Platform : php
This exploit / vulnerability Savsoft quiz 5 user account settings persistent crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
====================================[Description]====================================
The vulnerability is found at the user settings page where the user can change his name and his login credentials. its possible to inject html/js into the fields which will be executed after pressing submit.
====================================[Proof of Concept]====================================
If you installed this software create a new user or you can use the default user shown in the install description