CVE-2020-24609
Published 2020-08-25
Priority: P3 · 45 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 9.81% (95.0th percentile)
TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| techkshetrainfo | savsoft_quiz | <= 5.5 | — |
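CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |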
No detection rules found.
Exploit-DB
Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site Scripting
exploitdb·2020-09-03
---
# Exploit Title: Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site Scripting
# Date: 2020-09-01
# Exploit Author: Hemant Patidar (HemantSolo)
# Vendor Homepage: https://savsoftquiz.com/
# Software Link: https://savsoftquiz.com/web/demo.php
# Version: 5.0
# Tested on: Windows 10/Kali Linux
# Contact: https://www.linkedin.com/in/hemantsolo/
Stored Cross-site scripting (XSS):
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser.
Attack vector:
This vulnerability can results attacker to injec
Exploit-DB
Savsoft Quiz 5 - Stored Cross-Site Scripting
exploitdb·2020-08-18·CVSS 6.1
---
# Exploit Title: Savsoft Quiz 5 - Stored Cross-Site Scripting
# Date: 2020-07-28
# Exploit Author: Mayur Parmar(th3cyb3rc0p)
# Vendor Homepage: https://savsoftquiz.com/
# Software Link: https://github.com/savsofts/savsoftquiz_v5.git
# Version: 5.0
# Tested on: Windows 10
# Contact: https://www.linkedin.com/in/th3cyb3rc0p/
# CVE: CVE-2020-24609
Stored Cross-site scripting (XSS):
Stored attacks are those where the injected script is permanently stored on the target servers,
such as in a database, in a message forum, visitor log, comment field, etc.
The victim then retrieves the malicious script from the server when it requests the stored information.
Stored XSS is also sometimes referred to as Persistent XSS.
Attack vector:
This vulnerabili
No writeups or analysis indexed.
Published: 2020-08-25