Vulnerabilities > Tecnick

DATE CVE VULNERABILITY TITLE RISK
2021-08-05 CVE-2021-20115 Cross-site Scripting vulnerability in Tecnick Tcexam
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3.
network
tecnick CWE-79
4.3
2021-08-05 CVE-2021-20116 Cross-site Scripting vulnerability in Tecnick Tcexam
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4.
network
tecnick CWE-79
4.3
2021-07-30 CVE-2021-20111 Cross-site Scripting vulnerability in Tecnick Tcexam
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1.
network
tecnick CWE-79
3.5
2021-07-30 CVE-2021-20112 Cross-site Scripting vulnerability in Tecnick Tcexam
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1.
network
tecnick CWE-79
3.5
2021-07-30 CVE-2021-20113 Information Exposure Through Discrepancy vulnerability in Tecnick Tcexam
An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1.
network
low complexity
tecnick CWE-203
5.0
2021-07-30 CVE-2021-20114 Information Exposure vulnerability in Tecnick Tcexam
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
network
low complexity
tecnick CWE-200
5.0
2020-05-07 CVE-2020-5751 Cross-site Scripting vulnerability in Tecnick Tcexam 14.2.2
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator.
network
tecnick CWE-79
3.5
2020-05-07 CVE-2020-5750 Cross-site Scripting vulnerability in Tecnick Tcexam 14.2.2
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
network
tecnick CWE-79
4.3
2020-05-07 CVE-2020-5749 Cross-site Scripting vulnerability in Tecnick Tcexam 14.2.2
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group.
network
tecnick CWE-79
3.5
2020-05-07 CVE-2020-5748 Cross-site Scripting vulnerability in Tecnick Tcexam 14.2.2
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
network
tecnick CWE-79
4.3