CVE-2025-32808 Information

Description

W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend because only client-side access control exists.

Reference

https://medium.com/@JIT_Shellcode/inquizitive-client-side-injection-lms-trust-bypass-and-stored-xss-0ea4da8d22fa https://medium.com/@JIT_Shellcode/inquizitive-client-side-injection-lms-trust-bypass-and-stored-xss-0ea4da8d22fa