# Exploit Title: Savsoft Quiz 5 - 'field_title' Stored Cross-Site Scripting  
# Date: 2020-09-02  
# Exploit Author: Dhruv Patel(dhruvp111296)  
# Vendor Homepage:  
# Software Link:  
# Version: 5.0  
# Tested on: Windows 10  
Attack vector:  
This vulnerability can results attacker to inject the XSS payload in admin  
panel Custom Field section. And Inject JavaScript Malicious code & Steal  
User’s cookie  
Vulnerable Parameters: title  
Steps for reproduce:  
1. Go to admin panel’s add custom fields page  
2. Fill the Title name as <script>alert("HELLO XSS")</script> payload in title.  
3. Now Click on Save we can see our payload gets executed.  
4. All Users Can Show our Payload As a xss.