CVE-2024-4256

A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /public/index.php/Qbank/editCategory of the component Category Page. The manipulation of the argument category_name with the input ><script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://vuldb.com/?ctiid.262148 Permissions Required VDB Entry
https://vuldb.com/?id.262148 Third Party Advisory VDB Entry
https://vuldb.com/?submit.319897 Exploit VDB Entry
https://vuldb.com/?ctiid.262148 Permissions Required VDB Entry
https://vuldb.com/?id.262148 Third Party Advisory VDB Entry
https://vuldb.com/?submit.319897 Exploit VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:techkshetrainfo:savsoft_quiz:6.0:*:*:*:*:*:*:*

History

23 Jun 2025, 15:07

Type Values Removed Values Added
First Time Techkshetrainfo savsoft Quiz
Techkshetrainfo
References () https://vuldb.com/?ctiid.262148 - () https://vuldb.com/?ctiid.262148 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.262148 - () https://vuldb.com/?id.262148 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.319897 - () https://vuldb.com/?submit.319897 - Exploit, VDB Entry
CPE cpe:2.3:a:techkshetrainfo:savsoft_quiz:6.0:*:*:*:*:*:*:*

Information

Published : 2024-04-27 16:15

Updated : 2025-06-23 15:07


NVD link : CVE-2024-4256

Mitre link : CVE-2024-4256

CVE.ORG link : CVE-2024-4256


JSON object : View

Products Affected

techkshetrainfo

  • savsoft_quiz
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')