4 matches found
CVE-2021-20115
A reflected cross-site scripting vulnerability exists in TCExam = 14.8.3. The paths provided in the f, d, and dir parameters in tcefilemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link...
CVE-2021-20116
A reflected cross-site scripting vulnerability exists in TCExam = 14.8.4. The paths provided in the f, d, and dir parameters in tceselectmediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious lin...
CVE-2021-20116
A reflected cross-site scripting vulnerability exists in TCExam = 14.8.4. The paths provided in the f, d, and dir parameters in tceselectmediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious lin...
WordPress Total Security plugin <= 3.4 - Persistent Cross-Site Scripting (XSS) Vulnerability
With the 404 log feature is enabled, the function getRefe doesn't sanitize $SERVER'HTTPREFERER'. When the output is shown - the referer is not escaped. Solution Update the plugin...