A vulnerability, which was classified as problematic, was found in SourceCodester Online Quiz System 1.0. This affects an unknown part of the file take-quiz.php. The manipulation of the argument quiz_taker/year_section leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246639.
References
Link | Resource |
---|---|
https://vuldb.com/?ctiid.246639 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.246639 | Third Party Advisory |
https://www.yuque.com/u39339523/el4dxs/mmvgxz2hgb5na0aw | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.246639 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.246639 | Third Party Advisory |
https://www.yuque.com/u39339523/el4dxs/mmvgxz2hgb5na0aw | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://vuldb.com/?ctiid.246639 - Permissions Required, Third Party Advisory | |
References | () https://vuldb.com/?id.246639 - Third Party Advisory | |
References | () https://www.yuque.com/u39339523/el4dxs/mmvgxz2hgb5na0aw - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 3.5 |
06 Dec 2023, 22:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:remyandrade:online_quiz_system:1.0:*:*:*:*:*:*:* | |
References | () https://vuldb.com/?ctiid.246639 - Permissions Required, Third Party Advisory | |
References | () https://vuldb.com/?id.246639 - Third Party Advisory | |
References | () https://www.yuque.com/u39339523/el4dxs/mmvgxz2hgb5na0aw - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
02 Dec 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-02 21:15
Updated : 2024-11-21 08:43
NVD link : CVE-2023-6473
Mitre link : CVE-2023-6473
CVE.ORG link : CVE-2023-6473
JSON object : View
Products Affected
remyandrade
- online_quiz_system
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')