249 matches found
CVE-2023-6554 Missing authorisation in TCExam
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...
Tecnick TCExam Security Breach
Tecnick TCExam is a Web-based open source e-exam system from Tecnick UK. The system is mainly used for online exams, etc. A security vulnerability exists in Tecnick TCExam versions prior to 15.1.0, which stems from an insufficiently protected external authorization mechanism in the admin folder...
The vulnerability of the electronic examination system TCExam, related to the improper display of files, allows a violator to carry out cross-site scripting attacks.
The vulnerability of the electronic examination system TCExam is related to the improper display of files in the text/html format, starting with a dot. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability in the tce_select_mediafile.php function of the TCExam electronic examination system allows a perpetrator to compromise the confidentiality and integrity of the protected information.
The vulnerability in the tceselectmediafile.php file of the TCExam electronic examination system exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of the...
The vulnerability of the electronic examination system TCExam, related to the improper display of files, allows a violator to carry out cross-site scripting attacks.
The vulnerability of the electronic examination system TCExam is related to the improper display of files in the text/html format, starting with a dot. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
CVE-2021-20116
A reflected cross-site scripting vulnerability exists in TCExam = 14.8.4. The paths provided in the f, d, and dir parameters in tceselectmediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious lin...
CVE-2021-20115
A reflected cross-site scripting vulnerability exists in TCExam = 14.8.3. The paths provided in the f, d, and dir parameters in tcefilemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link...
CVE-2021-20116
A reflected cross-site scripting vulnerability exists in TCExam = 14.8.4. The paths provided in the f, d, and dir parameters in tceselectmediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious lin...
CVE-2021-20115
A reflected cross-site scripting vulnerability exists in TCExam = 14.8.3. The paths provided in the f, d, and dir parameters in tcefilemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link...
Cross site scripting
A reflected cross-site scripting vulnerability exists in TCExam = 14.8.4. The paths provided in the f, d, and dir parameters in tceselectmediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious lin...
Cross site scripting
A reflected cross-site scripting vulnerability exists in TCExam = 14.8.3. The paths provided in the f, d, and dir parameters in tcefilemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link...
CVE-2021-20116
TCExam is affected by a reflected XSS vulnerability (CVE-2021-20116) in versions up to 14.8.4, caused by improper validation of path parameters in tce_select_mediafile.php (f, d, and dir). An attacker can craft a malicious link that, when clicked by an administrator, may hijack the administrator’...
CVE-2021-20116
A reflected cross-site scripting vulnerability exists in TCExam = 14.8.4. The paths provided in the f, d, and dir parameters in tceselectmediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious lin...
CVE-2021-20115
TCExam
CVE-2021-20115
A reflected cross-site scripting vulnerability exists in TCExam = 14.8.3. The paths provided in the f, d, and dir parameters in tcefilemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link...
Tecnick.com TCExam 跨站脚本漏洞
Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is primarily used for online exams, among other things. A security vulnerability exists in Tecnick.com TCExam, which stems from a reflected cross-site scripting vulnerability in TCExam prior to version...
CVE-2021-20112
A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tceselectmediafile.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tceselectmediafile.php could upload a malicious javascript payload which would b...
CVE-2021-20114
When installed following the default/recommended settings, TCExam = 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files...
CVE-2021-20111
A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tcefilemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tcefilemanager.php could upload a malicious javascript payload which would be...
CVE-2021-20111
A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tcefilemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tcefilemanager.php could upload a malicious javascript payload which would be...