CVE-2021-42664

Name of the Vulnerable Software and Affected Versions Sourcecodester Engineers Online Portal (affected versions not specified)

Description A Stored Cross Site Scripting (XSS) issue exists in the Sourcecodester Engineers Online Portal in PHP. This is due to the quiz title and quiz description parameters in the "add quiz.php" endpoint. An attacker can leverage this issue to run javascript commands on the web server surfer's behalf, potentially leading to cookie stealing.

Recommendations As a temporary workaround, consider restricting access to the "add quiz.php" endpoint until a patch is available. Avoid using the quiz title and quiz description parameters in the affected endpoint until the issue is resolved. Restrict the execution of javascript commands on the web server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.