Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Vulnerability Type
服务端安全的客户端实施
Vulnerability Title
W. W. Norton InQuizitive 安全漏洞
Vulnerability Description
W. W. Norton InQuizitive是W. W. Norton公司的一款在线自适应学习工具,配有电子教科书和互动视频,旨在帮助学生完成课程。 W. W. Norton InQuizitive 2025-04-08及之前版本存在安全漏洞,该漏洞源于仅存在客户端访问控制,可能导致学生向后端插入任意测验记录。
CVSS Information
N/A
Vulnerability Type
N/A