CVE-2025-32808
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Summary
W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| W. W. Norton | InQuizitive | 0 <= 2025-04-08 | affected |
Weaknesses
- CWE-602: CWE-602 Client-Side Enforcement of Server-Side Security
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.