CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-20112
https://notcve.org/view.php?id=CVE-2021-20112
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_select_mediafile.php could upload a malicious javascript payload which would be triggered when another user views the file. Se presenta una vulnerabilidad de tipo cross-site scripting almacenada en TCExam versiones anteriores a 14.8.1 incluyéndola. Unos archivos válidos cargados por medio del archivo tce_select_mediafile.php con un nombre de archivo que comience por un punto será renderizado como text/html. • https://www.tenable.com/security/research/tra-2021-32 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-20111
https://notcve.org/view.php?id=CVE-2021-20111
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_filemanager.php could upload a malicious javascript payload which would be triggered when another user views the file. Se presenta una vulnerabilidad de tipo cross-site scripting almacenado en TCExam versiones anteriores a 14.8.1 incluyéndola. Unos archivos válidos cargados por medio del archivo tce_filemanager.php con un nombre de archivo que comience con un punto, será renderizado como text/html. • https://www.tenable.com/security/research/tra-2021-32 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-5750
https://notcve.org/view.php?id=CVE-2020-5750
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. Un saneamiento de la salida insuficiente en TCExam versión 14.2.2, permite a un atacante no autenticado remoto conducir ataques de tipo cross-site scripting (XSS) persistente por medio de la funcionalidad de autorregistro. • https://www.tenable.com/security/research/tra-2020-31 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-5749
https://notcve.org/view.php?id=CVE-2020-5749
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. Un saneamiento de la salida insuficiente en TCExam versión 14.2.2, permite a un atacante remoto autenticado conducir ataques de tipo cross-site scripting (XSS) persistente mediante la creación de un grupo diseñado. • https://www.tenable.com/security/research/tra-2020-31 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-5751
https://notcve.org/view.php?id=CVE-2020-5751
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. Un saneamiento de la salida insuficiente en TCExam versión 14.2.2, permite a un atacante autenticado remoto conducir ataques de tipo cross-site scripting (XSS) persistente mediante la creación de un operador diseñado. • https://www.tenable.com/security/research/tra-2020-31 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •