CVE-2024-7368

LOW

Simple Realtime Quiz System 1.0 - Cross-Site Scripting via Quiz Title Parameter

Title source: llm

Description

A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /ajax.php?action=save_quiz. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273352.

References (4)

Core 4

Core References

Permissions Required vdb-entry technical-description

https://vuldb.com/?id.273352

Permissions Required signature permissions-required

https://vuldb.com/?ctiid.273352

VDB Entry third-party-advisory

https://vuldb.com/?submit.383516

Exploit exploit

https://gist.github.com/topsky979/ad93f7046d905cef9277304dd3ac8061

Scores

CVSS v3 3.5

EPSS 0.0021

EPSS Percentile 43.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

oretnom23/simple_realtime_quiz_system 1.0

Published Aug 01, 2024

Tracked Since Feb 18, 2026