PT-2026-28698 · Unknown · Sourcecodester Online Quiz System

Anas22335

Publicado

2026-03-27

Atualizado

2026-03-28

CVE-2026-4973

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester Online Quiz System version 1.0

Description A flaw exists in SourceCodester Online Quiz System that allows for cross site scripting. This issue is related to the manipulation of the quiz question argument within the '/add-question.php' API endpoint. The attack can be initiated remotely, and details about the exploit are publicly available.

Recommendations Apply a fix to address the manipulation of the quiz question argument in the '/add-question.php' endpoint.

Exploit

Correção

XSS

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79CWE-94

Identificadores relacionados

CVE-2026-4973

Produtos afetados

Sourcecodester Online Quiz System

PT-2026-28698 · Unknown · Sourcecodester Online Quiz System

CVE-2026-4973

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7