Lucene search

[email protected]NVD:CVE-2012-4238

HistoryAug 20, 2012 - 8:55 p.m.

CVE-2012-4238

2012-08-2020:55:03

CWE-79

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

JSON

Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.

Affected configurations

NVD

Node

tecnicktcexamRange≤11.3.007

tecnicktcexamMatch10.1.000

tecnicktcexamMatch10.1.001

tecnicktcexamMatch10.1.002

tecnicktcexamMatch10.1.003

tecnicktcexamMatch10.1.004

tecnicktcexamMatch10.1.005

tecnicktcexamMatch10.1.006

tecnicktcexamMatch10.1.007

tecnicktcexamMatch10.1.008

tecnicktcexamMatch10.1.009

tecnicktcexamMatch10.1.010

tecnicktcexamMatch10.1.011

tecnicktcexamMatch10.1.012

tecnicktcexamMatch10.1.013

tecnicktcexamMatch11.0.000

tecnicktcexamMatch11.0.001

tecnicktcexamMatch11.0.002

tecnicktcexamMatch11.0.003

tecnicktcexamMatch11.0.004

tecnicktcexamMatch11.0.005

tecnicktcexamMatch11.0.006

tecnicktcexamMatch11.0.007

tecnicktcexamMatch11.0.008

tecnicktcexamMatch11.0.009

tecnicktcexamMatch11.0.010

tecnicktcexamMatch11.0.011

tecnicktcexamMatch11.0.012

tecnicktcexamMatch11.0.013

tecnicktcexamMatch11.0.014

tecnicktcexamMatch11.0.015

tecnicktcexamMatch11.0.016

tecnicktcexamMatch11.1.000

tecnicktcexamMatch11.1.001

tecnicktcexamMatch11.1.002

tecnicktcexamMatch11.1.003

tecnicktcexamMatch11.1.004

tecnicktcexamMatch11.1.005

tecnicktcexamMatch11.1.006

tecnicktcexamMatch11.1.007

tecnicktcexamMatch11.1.008

tecnicktcexamMatch11.1.009

tecnicktcexamMatch11.1.010

tecnicktcexamMatch11.1.011

tecnicktcexamMatch11.1.012

tecnicktcexamMatch11.1.013

tecnicktcexamMatch11.1.014

tecnicktcexamMatch11.1.015

tecnicktcexamMatch11.1.016

tecnicktcexamMatch11.1.017

tecnicktcexamMatch11.1.018

tecnicktcexamMatch11.1.019

tecnicktcexamMatch11.1.020

tecnicktcexamMatch11.1.021

tecnicktcexamMatch11.1.022

tecnicktcexamMatch11.1.023

tecnicktcexamMatch11.1.024

tecnicktcexamMatch11.1.025

tecnicktcexamMatch11.1.026

tecnicktcexamMatch11.1.027

tecnicktcexamMatch11.1.028

tecnicktcexamMatch11.1.029

tecnicktcexamMatch11.1.030

tecnicktcexamMatch11.1.031

tecnicktcexamMatch11.2.000

tecnicktcexamMatch11.2.001

tecnicktcexamMatch11.2.002

tecnicktcexamMatch11.2.003

tecnicktcexamMatch11.2.004

tecnicktcexamMatch11.2.005

tecnicktcexamMatch11.2.006

tecnicktcexamMatch11.2.007

tecnicktcexamMatch11.2.008

tecnicktcexamMatch11.2.010

tecnicktcexamMatch11.2.011

tecnicktcexamMatch11.2.012

tecnicktcexamMatch11.2.013

tecnicktcexamMatch11.2.014

tecnicktcexamMatch11.2.015

tecnicktcexamMatch11.2.016

tecnicktcexamMatch11.2.017

tecnicktcexamMatch11.2.018

tecnicktcexamMatch11.2.020

tecnicktcexamMatch11.2.021

tecnicktcexamMatch11.2.022

tecnicktcexamMatch11.2.023

tecnicktcexamMatch11.2.025

tecnicktcexamMatch11.2.026

tecnicktcexamMatch11.2.027

tecnicktcexamMatch11.2.028

tecnicktcexamMatch11.2.029

tecnicktcexamMatch11.2.030

tecnicktcexamMatch11.2.031

tecnicktcexamMatch11.2.032

tecnicktcexamMatch11.3.000

tecnicktcexamMatch11.3.001

tecnicktcexamMatch11.3.002

tecnicktcexamMatch11.3.003

tecnicktcexamMatch11.3.004

tecnicktcexamMatch11.3.005

tecnicktcexamMatch11.3.006

References

archives.neohapsis.com/archives/bugtraq/2012-08/0090.html

freecode.com/projects/tcexam/releases/347125

secunia.com/advisories/50141

tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Bh=edf6e08622642f1b2421f4355d98250d9e1b0742

www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

JSON

Related for NVD:CVE-2012-4238

packetstorm1 prion1 cve1 cvelist1 securityvulns2