How severe is CVE-2025-32808?

CVE-2025-32808 has a CVSS v3 score of 7.7 (HIGH).

CVE-2025-32808

Name: inquizitive
Author: wwnorton

7.7HIGH

W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists.

Publicado: 4/11/2025Actualizado: 10/30/2025

Descripción

W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists.

Análisis IAImpulsado por IA

Productos Afectados

wwnortoninquizitive

Referencias

https://medium.com/@JIT_Shellcode/inquizitive-client-side-injection-lms-trust-bypass-and-stored-xss-0ea4da8d22fa
ExploitThird Party Advisory
https://medium.com/@JIT_Shellcode/inquizitive-client-side-injection-lms-trust-bypass-and-stored-xss-0ea4da8d22fa
ExploitThird Party Advisory