📄 Description (English)
Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edit_user endpoint, which execute in the browsers of users viewing the affected profile after submission.
🤖 AI Executive Summary
Savsoft Quiz 5.0 contains a persistent XSS vulnerability in user account settings that allows authenticated attackers to inject malicious scripts into profile fields. The vulnerability executes in browsers of users viewing affected profiles, potentially leading to session hijacking, credential theft, or malware distribution. While no public exploit exists, the lack of available patches presents ongoing risk for organizations using this learning management system.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 16, 2026 10:01
🇸🇦 Saudi Arabia Impact Assessment
Saudi educational institutions, universities, and e-learning platforms using Savsoft Quiz 5.0 are at direct risk. Government education sector (Ministry of Education), private universities, and corporate training programs are most vulnerable. The vulnerability could compromise student and staff accounts, leading to unauthorized access to educational records, grade manipulation, and credential theft. Healthcare organizations using this platform for training are also at risk. The persistent nature of the XSS means compromised profiles continue to attack users until remediated.
🏢 Affected Saudi Sectors
Education
Government
Healthcare
Corporate Training
Universities
E-Learning Platforms
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
6.8
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all instances of Savsoft Quiz 5.0 in your environment and document affected systems
2. Restrict access to user profile editing functionality to essential personnel only
3. Implement input validation and output encoding on the edit_user endpoint
4. Deploy Web Application Firewall (WAF) rules to block common XSS payloads in profile fields
Patching Guidance:
5. Contact Savsoft vendor for security patches or upgrade timeline
6. If no patch available, implement compensating controls immediately
7. Review all user profiles for suspicious content or script injections
8. Force password reset for all users as precautionary measure
Compensating Controls:
9. Implement Content Security Policy (CSP) headers to prevent inline script execution
10. Enable HTML sanitization on all user-generated content fields
11. Deploy endpoint detection and response (EDR) to monitor for session hijacking attempts
12. Implement strict output encoding for profile display pages
Detection Rules:
13. Monitor for suspicious JavaScript patterns in profile update requests
14. Alert on unusual profile view patterns or rapid profile access
15. Log and review all changes to user profile fields
16. Implement SIEM rules to detect XSS payload signatures in HTTP requests
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حدد جميع نسخ Savsoft Quiz 5.0 في بيئتك وتوثيق الأنظمة المتأثرة
2. قيد الوصول إلى وظيفة تحرير ملف المستخدم للموظفين الأساسيين فقط
3. طبق التحقق من الإدخال والترميز على نقطة نهاية edit_user
4. نشر قواعد جدار الحماية لتطبيقات الويب (WAF) لحجب حمولات XSS الشائعة
إرشادات التصحيح:
5. اتصل بمورد Savsoft للحصول على تصحيحات أمان أو جدول زمني للترقية
6. إذا لم يكن هناك تصحيح متاح، طبق الضوابط البديلة على الفور
7. راجع جميع ملفات المستخدم للبحث عن محتوى مريب أو حقن نصوص برمجية
8. فرض إعادة تعيين كلمة المرور لجميع المستخدمين كإجراء احترازي
الضوابط البديلة:
9. طبق سياسة أمان المحتوى (CSP) لمنع تنفيذ النصوص البرمجية المضمنة
10. فعّل تنظيف HTML على جميع حقول محتوى المستخدم
11. نشر كشف ومعالجة نقاط النهاية (EDR) لمراقبة محاولات اختطاف الجلسة
12. طبق ترميز الإخراج الصارم لصفحات عرض الملف الشخصي
قواعد الكشف:
13. راقب أنماط JavaScript المريبة في طلبات تحديث الملف الشخصي
14. تنبيه على أنماط عرض ملف شخصي غير عادية أو وصول سريع للملف الشخصي
15. سجل وراجع جميع التغييرات على حقول ملف المستخدم
16. طبق قواعد SIEM للكشف عن توقيعات حمولة XSS في طلبات HTTP
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures
A.6.1.1 - Access control policy
A.7.1.1 - Cryptography and data protection
A.8.1.1 - Asset management
A.12.2.1 - Change management
A.12.6.1 - Management of technical vulnerabilities
🔵 SAMA CSF
ID.GV-1 - Organizational context and governance
PR.AC-1 - Access control and identity management
PR.DS-1 - Data security and protection
DE.CM-1 - Detection and monitoring
RS.RP-1 - Response planning
🟡 ISO 27001:2022
A.5.1 - Management direction for information security
A.6.1 - Internal organization
A.8.1 - Asset management
A.12.2 - Change management
A.12.6 - Management of technical vulnerabilities
A.14.2 - Development security
🟣 PCI DSS v4.0.1
Requirement 6.5.1 - Injection flaws
Requirement 6.5.7 - Cross-site scripting (XSS)
Requirement 6.2 - Security patches and updates
🔗 References & Sources 4
🔗
🔗
🔗
🔗
https://github.com/savsofts/savsoftquiz_v5
disclosure@vulncheck.com
https://savsoftquiz.com
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/49825
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/savsoft-quiz-persistent-cross-site-scripting-via-u...
disclosure@vulncheck.com