CVE-2020-27515

MEDIUM

Savsoft Quiz v5.0 - Stored Cross-Site Scripting via Skype ID Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-27515. PoCs published by Dipak Panchal.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in Savsoft Quiz 5. The attack vector involves injecting a malicious script into the 'Skype ID' field during user registration, which executes when an admin views the user profile.

Description

A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field.

Exploits (1)

exploitdb WRITEUP
by Dipak Panchal · textwebappsphp
https://www.exploit-db.com/exploits/49208

This is a writeup describing a stored XSS vulnerability in Savsoft Quiz 5. The attack vector involves injecting a malicious script into the 'Skype ID' field during user registration, which executes when an admin views the user profile.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Savsoft Quiz 5
Auth required
Prerequisites: User registration access · Admin interaction with the user profile
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
https://github.com/savsofts/savsoftquiz_v5
Vendor Advisory x_refsource_misc
https://savsoftquiz.com/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49208

Scores

CVSS v3 6.1
EPSS 0.0131
EPSS Percentile 66.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
techkshetrainfo/savsoft_quiz 5.0
Published Dec 26, 2020
Tracked Since Feb 18, 2026