Lucene search
K

249 matches found

Cvelist
Cvelist
added 2024/01/11 3:17 p.m.16 views

CVE-2023-6554 Missing authorisation in TCExam

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...

6.6AI score0.00581EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.5 views

Tecnick TCExam Security Breach

Tecnick TCExam is a Web-based open source e-exam system from Tecnick UK. The system is mainly used for online exams, etc. A security vulnerability exists in Tecnick TCExam versions prior to 15.1.0, which stems from an insufficiently protected external authorization mechanism in the admin folder...

6.5CVSS6.7AI score0.00581EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2021/09/17 12:0 a.m.8 views

The vulnerability of the electronic examination system TCExam, related to the improper display of files, allows a violator to carry out cross-site scripting attacks.

The vulnerability of the electronic examination system TCExam is related to the improper display of files in the text/html format, starting with a dot. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

5.4CVSS5.6AI score0.00609EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/09/17 12:0 a.m.6 views

The vulnerability in the tce_select_mediafile.php function of the TCExam electronic examination system allows a perpetrator to compromise the confidentiality and integrity of the protected information.

The vulnerability in the tceselectmediafile.php file of the TCExam electronic examination system exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of the...

6.1CVSS6.3AI score0.00937EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/08/25 12:0 a.m.7 views

The vulnerability of the electronic examination system TCExam, related to the improper display of files, allows a violator to carry out cross-site scripting attacks.

The vulnerability of the electronic examination system TCExam is related to the improper display of files in the text/html format, starting with a dot. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

5.4CVSS5.6AI score0.00634EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2021/08/05 9:15 p.m.21 views

CVE-2021-20116

A reflected cross-site scripting vulnerability exists in TCExam = 14.8.4. The paths provided in the f, d, and dir parameters in tceselectmediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious lin...

6.1CVSS0.00937EPSS
Exploits1References1
NVD
NVD
added 2021/08/05 9:15 p.m.14 views

CVE-2021-20115

A reflected cross-site scripting vulnerability exists in TCExam = 14.8.3. The paths provided in the f, d, and dir parameters in tcefilemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link...

6.1CVSS0.00947EPSS
Exploits1References1
OSV
OSV
added 2021/08/05 9:15 p.m.10 views

CVE-2021-20116

A reflected cross-site scripting vulnerability exists in TCExam = 14.8.4. The paths provided in the f, d, and dir parameters in tceselectmediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious lin...

6.1CVSS5.6AI score
Exploits0References1
OSV
OSV
added 2021/08/05 9:15 p.m.21 views

CVE-2021-20115

A reflected cross-site scripting vulnerability exists in TCExam = 14.8.3. The paths provided in the f, d, and dir parameters in tcefilemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link...

6.1CVSS5.6AI score
Exploits0References1
Prion
Prion
added 2021/08/05 9:15 p.m.16 views

Cross site scripting

A reflected cross-site scripting vulnerability exists in TCExam = 14.8.4. The paths provided in the f, d, and dir parameters in tceselectmediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious lin...

4.3CVSS5.9AI score0.00937EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/08/05 9:15 p.m.15 views

Cross site scripting

A reflected cross-site scripting vulnerability exists in TCExam = 14.8.3. The paths provided in the f, d, and dir parameters in tcefilemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link...

4.3CVSS5.9AI score0.00947EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/08/05 8:38 p.m.65 views

CVE-2021-20116

TCExam is affected by a reflected XSS vulnerability (CVE-2021-20116) in versions up to 14.8.4, caused by improper validation of path parameters in tce_select_mediafile.php (f, d, and dir). An attacker can craft a malicious link that, when clicked by an administrator, may hijack the administrator’...

6.1CVSS5.8AI score0.00937EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/08/05 8:38 p.m.25 views

CVE-2021-20116

A reflected cross-site scripting vulnerability exists in TCExam = 14.8.4. The paths provided in the f, d, and dir parameters in tceselectmediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious lin...

6AI score0.00937EPSS
Exploits1References1
CVE
CVE
added 2021/08/05 8:38 p.m.69 views

CVE-2021-20115

TCExam

6.1CVSS5.8AI score0.00947EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/08/05 8:38 p.m.18 views

CVE-2021-20115

A reflected cross-site scripting vulnerability exists in TCExam = 14.8.3. The paths provided in the f, d, and dir parameters in tcefilemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link...

6AI score0.00947EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/05 12:0 a.m.5 views

Tecnick.com TCExam 跨站脚本漏洞

Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is primarily used for online exams, among other things. A security vulnerability exists in Tecnick.com TCExam, which stems from a reflected cross-site scripting vulnerability in TCExam prior to version...

6.1CVSS6AI score0.00947EPSS
Exploits1References1
OSV
OSV
added 2021/07/30 2:15 p.m.19 views

CVE-2021-20112

A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tceselectmediafile.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tceselectmediafile.php could upload a malicious javascript payload which would b...

5.4CVSS5.9AI score0.00634EPSS
Exploits1References1
NVD
NVD
added 2021/07/30 2:15 p.m.11 views

CVE-2021-20114

When installed following the default/recommended settings, TCExam = 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files...

7.5CVSS0.05973EPSS
Exploits1References1
NVD
NVD
added 2021/07/30 2:15 p.m.21 views

CVE-2021-20111

A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tcefilemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tcefilemanager.php could upload a malicious javascript payload which would be...

5.4CVSS0.00609EPSS
Exploits1References1
OSV
OSV
added 2021/07/30 2:15 p.m.14 views

CVE-2021-20111

A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tcefilemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tcefilemanager.php could upload a malicious javascript payload which would be...

5.4CVSS5.9AI score
Exploits0References1
Rows per page
Query Builder