16 matches found
CVE-2020-5750
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting XSS attacks via the self-registration feature...
CVE-2020-5746
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks by creating a crafted test...
CVE-2020-5749
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks by creating a crafted group...
CVE-2020-5746
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks by creating a crafted test...
CVE-2020-5748
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting XSS attacks via the self-registration feature...
CVE-2020-5750
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting XSS attacks via the self-registration feature...
CVE-2020-5745
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link...
CVE-2020-5743
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission...
Cross site scripting
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks by creating a crafted test...
Cross site scripting
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks by creating a crafted operator...
Cross site scripting
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link...
Improper access control
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission...
CVE-2020-5748
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting XSS attacks via the self-registration feature...
CVE-2020-5745
CVE-2020-5745 : TCExam 14.2.2 is affected by a Cross-Site Request Forgery (CSRF) vulnerability. A remote attacker can induce a user to perform sensitive actions by tricking them into clicking a crafted link. The NVD CVSS data shows a base score of 7.4 (AV:N/AC:L/PR:N/UI:R/S:C/I:H/A:N) and 4.3 (CV...
CVE-2020-5746
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks by creating a crafted test...
CVE-2020-5743
This entry documents CVE-2020-5743 affecting TCExam 14.2.2. The vulnerability is described as improper access control (improper control of resource identifiers) that lets a remote, authenticated attacker access test metadata they should not be able to view. The connected records consistently iden...