W. W. Norton InQuizitive Client-Side Injection Vulnerability Allowing Arbitrary Quiz Performance Records

Vulnerability

A vulnerability in W. W. Norton InQuizitive, prior to 2025-04-08, allows students to manipulate their quiz performance records in the backend. This issue arises from the presence of only client-side access control, which can be bypassed.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of quiz performance records, potentially allowing for inflated scores or other academic dishonesty.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

W. W. Norton InQuizitive Client-Side Injection Vulnerability Allowing Arbitrary Quiz Performance Records

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating