Tcexam CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (29 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-5747	1 Tecnick	1 Tcexam	2024-11-21	5.4 Medium
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
CVE-2020-5746	1 Tecnick	1 Tcexam	2024-11-21	5.4 Medium
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
CVE-2020-5745	1 Tecnick	1 Tcexam	2024-11-21	7.4 High
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-5744	1 Tecnick	1 Tcexam	2024-11-21	4.9 Medium
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.
CVE-2020-5743	1 Tecnick	1 Tcexam	2024-11-21	4.3 Medium
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission.
CVE-2018-13422	1 Tecnick	1 Tcexam	2024-11-21	N/A
TCExam before 14.1.2 has XSS via an ff_ or xl_ field.
CVE-2011-3806	1 Tecnick	1 Tcexam	2024-08-06	N/A
TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files.
CVE-2012-4237	1 Tecnick	1 Tcexam	2024-08-06	N/A
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.
CVE-2012-4238	1 Tecnick	1 Tcexam	2024-08-06	N/A
Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.

« first previous Page 2 of 2.