CVE-2021-47962 | THREATINT

Description

Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edit_user endpoint, which execute in the browsers of users viewing the affected profile after submission.

PUBLISHED Reserved 2026-05-15 | Published 2026-05-15 | Updated 2026-05-15 | Assigner VulnCheck

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

MEDIUM: 6.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

5.0

affected

Credits

strider finder

References

www.exploit-db.com/exploits/49825 (ExploitDB-49825) exploit

savsoftquiz.com (Official Product Homepage) product

github.com/savsofts/savsoftquiz_v5 (Product Reference) product

www.vulncheck.com/...-cross-site-scripting-via-user-settings (VulnCheck Advisory: Savsoft Quiz 5.0 Persistent Cross-Site Scripting via User Settings) third-party-advisory

cve.org (CVE-2021-47962)

nvd.nist.gov (CVE-2021-47962)

Download JSON