Show filters
31 Total Results
Displaying 11-20 of 31
Sort by:
Attacker Value
Unknown

CVE-2020-5751

Disclosure Date: May 07, 2020 (last updated February 21, 2025)
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-5743

Disclosure Date: May 07, 2020 (last updated February 21, 2025)
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-5745

Disclosure Date: May 07, 2020 (last updated February 21, 2025)
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-5749

Disclosure Date: May 07, 2020 (last updated February 21, 2025)
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-5746

Disclosure Date: May 07, 2020 (last updated February 21, 2025)
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-5744

Disclosure Date: May 07, 2020 (last updated February 21, 2025)
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-5748

Disclosure Date: May 07, 2020 (last updated February 21, 2025)
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-5747

Disclosure Date: May 07, 2020 (last updated February 21, 2025)
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-17057

Disclosure Date: September 14, 2018 (last updated November 27, 2024)
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
0
0
Attacker Value
Unknown

CVE-2018-13422

Disclosure Date: July 07, 2018 (last updated November 27, 2024)
TCExam before 14.1.2 has XSS via an ff_ or xl_ field.
0
0
View More Topics  < Previous  Next >