CVE-2024-4256 - Vulnerability Details - OpenCVE

A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /public/index.php/Qbank/editCategory of the component Category Page. The manipulation of the argument category_name with the input ><script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Techkshetrainfo	Savsoft Quiz

Configuration 1 [-]

cpe:2.3:a:techkshetrainfo:savsoft_quiz:6.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://vuldb.com/?ctiid.262148
https://vuldb.com/?id.262148
https://vuldb.com/?submit.319897

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00051}`	epss `{'score': 0.0007}`

Mon, 23 Jun 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Techkshetrainfo Techkshetrainfo savsoft Quiz
CPEs		cpe:2.3:a:techkshetrainfo:savsoft_quiz:6.0:::::::*
Vendors & Products		Techkshetrainfo Techkshetrainfo savsoft Quiz

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-04-27T15:31:04.149Z

Updated: 2024-08-01T20:33:53.106Z

Reserved: 2024-04-26T12:57:57.323Z

Link: CVE-2024-4256

Vulnrichment

Updated: 2024-08-01T20:33:53.106Z

NVD

Status : Analyzed

Published: 2024-04-27T16:15:07.170

Modified: 2025-06-23T15:07:20.147

Link: CVE-2024-4256

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4256", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-04-26T12:57:57.323Z", "datePublished": "2024-04-27T15:31:04.149Z", "dateUpdated": "2024-08-01T20:33:53.106Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-04-27T15:31:04.149Z"}, "title": "Techkshetra Info Solutions Savsoft Quiz Category Page editCategory cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Cross Site Scripting"}]}], "affected": [{"vendor": "Techkshetra Info Solutions", "product": "Savsoft Quiz", "versions": [{"version": "6.0", "status": "affected"}], "modules": ["Category Page"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /public/index.php/Qbank/editCategory of the component Category Page. The manipulation of the argument category_name with the input ><script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Techkshetra Info Solutions Savsoft Quiz 6.0 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /public/index.php/Qbank/editCategory der Komponente Category Page. Durch das Manipulieren des Arguments category_name mit der Eingabe ><script>alert('XSS')</script> mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"}}], "timeline": [{"time": "2024-04-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-04-26T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-04-26T15:03:47.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "rubx (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.262148", "name": "VDB-262148 | Techkshetra Info Solutions Savsoft Quiz Category Page editCategory cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.262148", "name": "VDB-262148 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.319897", "name": "Submit #319897 | Techkshetra Info Solutions Savsoft Quiz 6.0 Stored XSS", "tags": ["third-party-advisory"]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4256", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T16:25:21.063254Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:56:00.926Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:53.106Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.262148", "name": "VDB-262148 | Techkshetra Info Solutions Savsoft Quiz Category Page editCategory cross site scripting", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.262148", "name": "VDB-262148 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.319897", "name": "Submit #319897 | Techkshetra Info Solutions Savsoft Quiz 6.0 Stored XSS", "tags": ["third-party-advisory", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.262148", "name": "VDB-262148 | Techkshetra Info Solutions Savsoft Quiz Category Page editCategory cross site scripting", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.262148", "name": "VDB-262148 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.319897", "name": "Submit #319897 | Techkshetra Info Solutions Savsoft Quiz 6.0 Stored XSS", "tags": ["third-party-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:53.106Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4256", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T16:25:21.063254Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-29T16:26:55.464Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Techkshetra Info Solutions Savsoft Quiz Category Page editCategory cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "rubx (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"}}], "affected": [{"vendor": "Techkshetra Info Solutions", "modules": ["Category Page"], "product": "Savsoft Quiz", "versions": [{"status": "affected", "version": "6.0"}]}], "timeline": [{"lang": "en", "time": "2024-04-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-04-26T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-04-26T15:03:47.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.262148", "name": "VDB-262148 | Techkshetra Info Solutions Savsoft Quiz Category Page editCategory cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.262148", "name": "VDB-262148 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.319897", "name": "Submit #319897 | Techkshetra Info Solutions Savsoft Quiz 6.0 Stored XSS", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /public/index.php/Qbank/editCategory of the component Category Page. The manipulation of the argument category_name with the input ><script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Techkshetra Info Solutions Savsoft Quiz 6.0 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /public/index.php/Qbank/editCategory der Komponente Category Page. Durch das Manipulieren des Arguments category_name mit der Eingabe ><script>alert('XSS')</script> mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Cross Site Scripting"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-04-27T15:31:04.149Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4256", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:33:53.106Z", "dateReserved": "2024-04-26T12:57:57.323Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-04-27T15:31:04.149Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:techkshetrainfo:savsoft_quiz:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E5B5D6E-C991-499C-9F2C-E1937DF621E8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /public/index.php/Qbank/editCategory of the component Category Page. The manipulation of the argument category_name with the input ><script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en Techkshetra Info Solutions Savsoft Quiz 6.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /public/index.php/Qbank/editCategory del componente Category Page es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento nombre_categor\u00eda con la entrada > conduce a cross site scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-262148. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-4256", "lastModified": "2025-06-23T15:07:20.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-04-27T16:15:07.170", "references": [{"source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.262148"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.262148"}, {"source": "[email protected]", "tags": ["Exploit", "VDB Entry"], "url": "https://vuldb.com/?submit.319897"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.262148"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.262148"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "VDB Entry"], "url": "https://vuldb.com/?submit.319897"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Secondary"}]}