CVE-2024-32405

Name of the Vulnerable Software and Affected Versions inducer relate versions prior to 2024.1

Description The issue allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function. This enables the attacker to execute malicious scripts on the system.

Recommendations For versions prior to 2024.1, update to version 2024.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Exam function and limiting the use of the InlineMultiQuestion parameter to minimize the risk of exploitation. Avoid using the Answer field in the affected function until the issue is resolved.