12 matches found
CVE-2021-20114
When installed following the default/recommended settings, TCExam
CVE-2021-20115
A reflected cross-site scripting vulnerability exists in TCExam
CVE-2021-20116
A reflected cross-site scripting vulnerability exists in TCExam
CVE-2021-20111
A stored cross-site scripting vulnerability exists in TCExam
CVE-2021-20113
An exposure of sensitive information vulnerability exists in TCExam
CVE-2021-20112
A stored cross-site scripting vulnerability exists in TCExam
CVE-2012-4238
Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.
CVE-2023-6554
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.
CVE-2012-4237
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.
CVE-2012-4601
Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show...
CVE-2012-4602
Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter.
CVE-2018-13422
TCExam before 14.1.2 has XSS via an ff_ or xl_ field.