Wwnorton: >> Inquizitive Security Vulnerabilities
W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists.
CVSS Score
7.7
EPSS Score
0.001
Published
2025-04-11
W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choice_fb[], or question_id.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-04-11