CVE-2012-4602
TCExam (Nicola Asuni) before 11.3.009 is affected by cross-site scripting (XSS) in admin/code/tce_select_users_popup.php: the cid and uids GET parameters are not sanitized, which allows arbitrary script/HTML to be injected into admin sessions. Root cause: lack of input sanitization. Exploitation details are described in linked advi...