Skip to main content

Tcexam

21 CVEs product

Monthly

CVE-2023-6554 MEDIUM This Month

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Tcexam
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-20116 MEDIUM POC This Month

A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20115 MEDIUM POC This Month

A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20114 HIGH POC This Week

When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tcexam
NVD
CVSS 3.1
7.5
EPSS
6.0%
CVE-2021-20113 MEDIUM POC This Month

An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tcexam
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-20112 MEDIUM POC This Month

A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20111 MEDIUM POC This Month

A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-5751 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5750 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5749 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5748 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5747 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5746 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5745 HIGH POC This Week

Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tcexam
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2020-5744 MEDIUM POC This Month

Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tcexam
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2020-5743 MEDIUM POC This Month

Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tcexam
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2018-13422 MEDIUM This Month

TCExam before 14.1.2 has XSS via an ff_ or xl_ field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tcexam
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2012-4602 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Tcexam
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-4601 MEDIUM POC PATCH This Month

Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

PHP SQLi Tcexam
NVD
CVSS 2.0
6.0
EPSS
0.3%
CVE-2012-4238 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2012-4237 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP SQLi Tcexam
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.5%
EPSS 0% CVSS 6.5
MEDIUM This Month

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Tcexam
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
EPSS 6% CVSS 7.5
HIGH POC This Week

When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tcexam
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tcexam
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
EPSS 1% CVSS 7.4
HIGH POC This Week

Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tcexam
NVD
EPSS 1% CVSS 4.9
MEDIUM POC This Month

Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tcexam
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tcexam
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

TCExam before 14.1.2 has XSS via an ff_ or xl_ field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tcexam
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Tcexam
NVD
EPSS 0% CVSS 6.0
MEDIUM POC PATCH This Month

Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

PHP SQLi Tcexam
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Tcexam
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP SQLi Tcexam
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy