14 matches found
EUVD-2025-14700
Malicious code in bioql PyPI...
CVE-2025-32809
W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choicefb, or questionid...
CVE-2025-32808
W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists...
CVE-2025-32808
W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists...
CVE-2025-32809
W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choicefb, or questionid...
CVE-2025-32808
W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists...
CVE-2025-32809
W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choicefb, or questionid...
CVE-2025-32808
W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists...
W. W. Norton InQuizitive 跨站脚本漏洞
W. W. Norton InQuizitive is an online adaptive learning tool from W. W. Norton Company with an eTextbook and interactive videos designed to help students complete courses. A security vulnerability exists in W. W. Norton InQuizitive version 2025-04-08 and earlier, which stems from a vulnerability...
W. W. Norton InQuizitive 安全漏洞
W. W. Norton InQuizitive is an online adaptive learning tool from W. W. Norton Company with an eTextbook and interactive videos designed to help students complete courses. A security vulnerability exists in W. W. Norton InQuizitive version 2025-04-08 and earlier, which stems from the presence of...
CVE-2025-32808
Affected software: W. W. Norton InQuizitive (through 2025-04-08). The vulnerability arises from client-side access control, allowing a student to insert arbitrary quiz records into the backend, with integrity impact (I=HIGH) and no confidentiality impact (C=NONE). CVSS details: CVSS 3.1 base scor...
PT-2025-16017 · W. W. Norton · W. W. Norton Inquizitive
Name of the Vulnerable Software and Affected Versions: W. W. Norton InQuizitive versions through 2025-04-08 Description: The issue allows students to insert arbitrary records of their quiz performance into the backend due to the existence of only client-side access control. This is related to a...
CVE-2025-32809
W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choicefb, or questionid...
CVE-2025-32809
InQuizitive (W. W. Norton) is affected by CVE-2025-32809 through 2025-04-08, which allows stored cross-site scripting via user-supplied data in bonus description, feedback.choice_fb[], or question_id. The issue is described across multiple sources as a stored XSS vulnerability; exploitation appea...