MEDIUM
savsofts
CVE published 2026-05-15
CVE-2021-47962
A persistent cross-site scripting (XSS) vulnerability in Savsoft Quiz 5.0 allows authenticated attackers to inject malicious HTML and JavaScript code through user profile fields at the edit_user endpoint. The injected payloads execute in browsers of users viewing affected profiles. This vulnerability requires authentication and user interaction, limiting its exploitability but enabling session hijacking a [truncated]