3 matches found
CVE-2026-4168
Tecnick TCExam 16.5.0 contains a cross-site scripting vulnerability in /admin/code/tce_edit_group.php (Group Handler) via manipulation of the Name parameter. The issue is exploitable remotely and an exploit is publicly available. Vendor could not reproduce fully, and the description notes that th...
CVE-2021-29033
A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/editgroup.php URI...
CVE-2017-15949
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the logid parameter to admin/editgroup.php...