Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tcexam
(Tecnick)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 23 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-11 | CVE-2023-6554 | When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers. | Tcexam | 6.5 | ||
| 2020-05-07 | CVE-2020-5743 | Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission. | Tcexam | 4.3 | ||
| 2020-05-07 | CVE-2020-5744 | Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. | Tcexam | 4.9 | ||
| 2020-05-07 | CVE-2020-5745 | Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | Tcexam | 7.4 | ||
| 2020-05-07 | CVE-2020-5748 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | Tcexam | 6.1 | ||
| 2020-05-07 | CVE-2020-5746 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | Tcexam | 5.4 | ||
| 2020-05-07 | CVE-2020-5747 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | Tcexam | 5.4 | ||
| 2020-05-07 | CVE-2020-5750 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | Tcexam | 6.1 | ||
| 2020-05-07 | CVE-2020-5749 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. | Tcexam | 5.4 | ||
| 2020-05-07 | CVE-2020-5751 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. | Tcexam | 5.4 |