PT-2025-16018 · W. W. Norton · W. W. Norton Inquizitive
Jit_Shellcode · Published 2025-04-11 · Updated 2025-04-11 · CVE-2025-32809
CVSS v3.1: 6.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
W. W. Norton InQuizitive through 2025-04-08
Description:
The issue allows students to conduct stored XSS attacks against educators via a bonus description,
feedback.choice fb[], or question id. This enables malicious activities by exploiting these parameters.
Recommendations:
For W. W. Norton InQuizitive through 2025-04-08, consider restricting access to the bonus description,
feedback.choice fb[], and question id parameters to minimize the risk of exploitation until a fix is available. As a temporary workaround, educators should be cautious when interacting with student-submitted content.
Affected Products
W. W. Norton Inquizitive