2 matches found
CVE-2023-6554
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.
CVE-2018-13422
TCExam before 14.1.2 has XSS via an ff_ or xl_ field.