MEDIUM🇵🇱 Wersja polska

CVE-2022-41431

CVSS 5.4v3.1pub. 2022-10-17upd. 2025-05-14

xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • Mindskip Xzs

    APP
    Mindskip
    3.8.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2024-29401CRITICAL9.8PL ✓ten sam vendor

Niewystarczające wygasanie sesji w xzs-mysql 3.8 — przejęcie konta admina

CVE-2021-46086HIGH7.5ten sam vendor

xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an onli...

CVE-2025-1084MEDIUM5.3ten sam vendor

A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Af...

CVE-2025-1082MEDIUM5.1ten sam vendor

A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an...

CVE-2025-1083LOW2.3ten sam vendor

A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vu...