exploitDog

CVE-2025-32808

Опубликовано: 11 апр. 2025

Источник: nvd

CVSS3: 7.7

EPSS Низкий

Описание

W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists.

Ссылки

https://medium.com/@JIT_Shellcode/inquizitive-client-side-injection-lms-trust-bypass-and-stored-xss-0ea4da8d22fa
Exploit
Third Party Advisory
https://medium.com/@JIT_Shellcode/inquizitive-client-side-injection-lms-trust-bypass-and-stored-xss-0ea4da8d22fa
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wwnorton:inquizitive:*:*:*:*:*:*:*:*

Версия до 2025-04-08 (включая)

EPSS

Процентиль: 45%

0.00228

Низкий

7.7 High

CVSS3

Дефекты

CWE-602

Связанные уязвимости

GHSA-8v47-p595-5p8g

CVSS3: 7.7

github

10 месяцев назад

W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists.

EPSS

Процентиль: 45%

0.00228

Низкий

7.7 High

CVSS3

Дефекты

CWE-602