Tecnick Tcexam

23 matches found

added 2021/07/30 2:15 p.m., 61 views

CVE-2021-20114

When installed following the default/recommended settings, TCExam

7.5 CVSS, 7.5 AI score, 0.53868 EPSS

added 2021/08/05 9:15 p.m., 55 views

CVE-2021-20115

A reflected cross-site scripting vulnerability exists in TCExam

6.1 CVSS, 5.8 AI score, 0.00264 EPSS

added 2021/08/05 9:15 p.m., 51 views

CVE-2021-20116

A reflected cross-site scripting vulnerability exists in TCExam

6.1 CVSS, 5.8 AI score, 0.00264 EPSS

added 2021/07/30 2:15 p.m., 50 views

CVE-2021-20113

An exposure of sensitive information vulnerability exists in TCExam

5.3 CVSS, 5.1 AI score, 0.00302 EPSS

added 2021/07/30 2:15 p.m., 48 views

CVE-2021-20111

A stored cross-site scripting vulnerability exists in TCExam

5.4 CVSS, 5.1 AI score, 0.00206 EPSS

added 2021/07/30 2:15 p.m., 46 views

CVE-2021-20112

A stored cross-site scripting vulnerability exists in TCExam

5.4 CVSS, 5.1 AI score, 0.00206 EPSS

added 2020/05/07 5:15 p.m., 45 views

CVE-2020-5744

Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.

4.9 CVSS, 4.9 AI score, 0.00301 EPSS

added 2020/05/07 5:15 p.m., 43 views

CVE-2020-5745

Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

7.4 CVSS, 7.3 AI score, 0.00151 EPSS

added 2020/05/07 5:15 p.m., 36 views

CVE-2020-5748

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.

6.1 CVSS, 5.9 AI score, 0.01138 EPSS

added 2020/05/07 5:15 p.m., 36 views

CVE-2020-5751

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator.

5.4 CVSS, 5 AI score, 0.00157 EPSS

added 2012/08/20 8:55 p.m., 35 views

CVE-2012-4238

Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.

2.1 CVSS, 5.4 AI score, 0.00181 EPSS

added 2020/05/07 5:15 p.m., 35 views

CVE-2020-5750

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.

6.1 CVSS, 5.9 AI score, 0.01283 EPSS

added 2011/09/24 12:55 a.m., 34 views

CVE-2011-3806

TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files.

5 CVSS, 6.3 AI score, 0.00283 EPSS

added 2024/01/11 4:15 p.m., 33 views

CVE-2023-6554

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.

6.5 CVSS, 6.3 AI score, 0.00184 EPSS

added 2012/08/20 8:55 p.m., 32 views

CVE-2012-4237

Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.

6.8 CVSS, 8.3 AI score, 0.00416 EPSS

added 2012/11/23 8:55 p.m., 32 views

CVE-2012-4601

Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show...

6 CVSS, 8.3 AI score, 0.00251 EPSS

added 2020/05/07 5:15 p.m., 32 views

CVE-2020-5747

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.

5.4 CVSS, 5 AI score, 0.00157 EPSS

added 2010/06/03 4:30 p.m., 31 views

CVE-2010-2153

Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/.

6.8 CVSS, 7.9 AI score, 0.03929 EPSS

added 2012/11/23 8:55 p.m., 31 views

CVE-2012-4602

Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter.

4.3 CVSS, 5.9 AI score, 0.00295 EPSS

added 2020/05/07 5:15 p.m., 31 views

CVE-2020-5749

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group.

5.4 CVSS, 5 AI score, 0.00157 EPSS

added 2020/05/07 5:15 p.m., 30 views

CVE-2020-5746

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.

5.4 CVSS, 5 AI score, 0.00157 EPSS

added 2020/05/07 5:15 p.m., 29 views

CVE-2020-5743

Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission.

4.3 CVSS, 4.5 AI score, 0.00144 EPSS

added 2018/07/07 5:29 p.m., 26 views

CVE-2018-13422

TCExam before 14.1.2 has XSS via an ff_ or xl_ field.

6.1 CVSS, 5.9 AI score, 0.0024 EPSS