Savsoft Quiz 5 - Persistent Cross-Site Scripting (XSS)

|===========================================================================
| # Exploit Title : Savsoft Quiz 5 - Persistent Cross-Site Scripting (XSS)
|                                                                           
| # Author : Ali Seddigh                                            
|                                                                           
| # Category : Web Application               
|
| # Vendor Homepage : https://savsoftquiz.com
|                                                                           
| # Tested on : [ Windows ~> 10 ]                                                     
|
| # Version : 5
|                  
| # Date : 2021-07-05                                                        
|===========================================================================

====================================[Description]====================================
The vulnerability is found at the user settings page where the user can change his name and his login credentials. its possible to inject html/js into the fields which will be executed after pressing submit.


====================================[Proof of Concept]====================================
If you installed this software create a new user or you can use the default user shown in the install description

test-link:
http://192.168.1.109/index.php/user/edit_user/<userid>

step1)
login into an account

step2)
click on the top right on you account name and navigate to "My Account"

step3)
insert 

"><script>alert(document.cookie);</script>

into the fields and hit submit

|===========================================================================
| # Discovered By : Ali Triplex                                             
|===========================================================================