Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tcexam
(Tecnick)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 23 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-05-07 | CVE-2020-5745 | Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | Tcexam | 7.4 | ||
| 2020-05-07 | CVE-2020-5748 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | Tcexam | 6.1 | ||
| 2020-05-07 | CVE-2020-5746 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | Tcexam | 5.4 | ||
| 2020-05-07 | CVE-2020-5747 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | Tcexam | 5.4 | ||
| 2020-05-07 | CVE-2020-5750 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | Tcexam | 6.1 | ||
| 2020-05-07 | CVE-2020-5749 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. | Tcexam | 5.4 | ||
| 2020-05-07 | CVE-2020-5751 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. | Tcexam | 5.4 | ||
| 2021-07-30 | CVE-2021-20111 | A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_filemanager.php could upload a malicious javascript payload which would be triggered when another user views the file. | Tcexam | 5.4 | ||
| 2021-07-30 | CVE-2021-20112 | A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_select_mediafile.php could upload a malicious javascript payload which would be triggered when another user views the file. | Tcexam | 5.4 | ||
| 2021-07-30 | CVE-2021-20113 | An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password reset request was made for an email address that was not registered with a user then we would be presented with an ‘unknown email’ error. If an email is given that is registered with a user then this error will not appear. A malicious actor could abuse this to enumerate the email addresses of | Tcexam | 5.3 |