What is GHSA-234g-j3mr-6rvx?

GHSA-234g-j3mr-6rvx is a security advisory published by GitHub Security Advisories with Medium severity. Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account...

Which CVE IDs does GHSA-234g-j3mr-6rvx cover?

GHSA-234g-j3mr-6rvx covers the following CVE IDs: CVE-2021-47962. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-234g-j3mr-6rvx?

GHSA-234g-j3mr-6rvx has a CVSS v3 base score of 6.4, published by GitHub Security Advisories.

GHSA-234g-j3mr-6rvxMediumCVSS 6.4

Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account...

Vendor

GitHub Security Advisories

Published

May 15, 2026

Last Modified

May 15, 2026

🔗 CVE IDs covered (1)

CVE-2021-47962 →

📋 Description

Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edit_user endpoint, which execute in the browsers of users viewing the affected profile after submission.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2021-47962
https://github.com/savsofts/savsoftquiz_v5
https://savsoftquiz.com
https://www.exploit-db.com/exploits/49825
https://www.vulncheck.com/advisories/savsoft-quiz-persistent-cross-site-scripting-via-user-settings
https://github.com/advisories/GHSA-234g-j3mr-6rvx