Medium severity6.4NVD Advisory· Published May 15, 2026

CVE-2021-47962

Description

Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edit_user endpoint, which execute in the browsers of users viewing the affected profile after submission.

Affected products

Savsofts/Savsoftquiz V5references

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

savsoftquiz.comnvd
www.exploit-db.com/exploits/49825nvd
www.vulncheck.com/advisories/savsoft-quiz-persistent-cross-site-scripting-via-user-settingsnvd

News mentions

No linked articles in our index yet.

cvss	0.416
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000