CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. • https://www.tenable.com/security/research/tra-2020-31 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

TCExam before 14.1.2 has XSS via an ff_ or xl_ field. • https://github.com/tecnickcom/tcexam/pull/223 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.0 • EPSS: 0% • CPEs: 102 • EXPL: 1

Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php. • http://freecode.com/projects/tcexam/releases/347588 http://secunia.com/advisories/50539 http://sourceforge.net/projects/tcexam/files/CHANGELOG.TXT/view http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Ba=commit%3Bh=3e1ed3c02122eae182f076daabe903b0c8837971 https://www.htbridge.com/advisory/HTB23111 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 • EPSS: 0% • CPEs: 102 • EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter. • http://freecode.com/projects/tcexam/releases/347588 http://secunia.com/advisories/50539 http://sourceforge.net/projects/tcexam/files/CHANGELOG.TXT/view http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Ba=commit%3Bh=3e1ed3c02122eae182f076daabe903b0c8837971 https://www.htbridge.com/advisory/HTB23111 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 2.1 • EPSS: 0% • CPEs: 101 • EXPL: 2

Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter. TCExam version 11.3.007 suffers from a cross-site scripting vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2012-08/0090.html http://freecode.com/projects/tcexam/releases/347125 http://secunia.com/advisories/50141 http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Bh=edf6e08622642f1b2421f4355d98250d9e1b0742 http://www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')