Vulnerabilities > Tecnick > Tcexam

DATE CVE VULNERABILITY TITLE RISK
2020-05-07 CVE-2020-5748 Cross-site Scripting vulnerability in Tecnick Tcexam 14.2.2
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
network
tecnick CWE-79
4.3
4.3
2020-05-07 CVE-2020-5747 Cross-site Scripting vulnerability in Tecnick Tcexam 14.2.2
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
network
tecnick CWE-79
3.5
3.5
2020-05-07 CVE-2020-5746 Cross-site Scripting vulnerability in Tecnick Tcexam 14.2.2
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
network
tecnick CWE-79
3.5
3.5
2020-05-07 CVE-2020-5745 Cross-site Scripting vulnerability in Tecnick Tcexam 14.2.2
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
network
tecnick CWE-79
4.3
4.3
2020-05-07 CVE-2020-5744 Path Traversal vulnerability in Tecnick Tcexam 14.2.2
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.
network
low complexity
tecnick CWE-22
4.0
4.0
2020-05-07 CVE-2020-5743 Information Exposure vulnerability in Tecnick Tcexam 14.2.2
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission.
network
low complexity
tecnick CWE-200
4.0
4.0
2018-07-07 CVE-2018-13422 Cross-site Scripting vulnerability in Tecnick Tcexam
TCExam before 14.1.2 has XSS via an ff_ or xl_ field.
network
tecnick CWE-79
4.3
4.3
2011-09-24 CVE-2011-3806 Information Exposure vulnerability in Tecnick Tcexam 11.1.015
TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files.
network
low complexity
tecnick CWE-200
5.0
5.0
2010-06-03 CVE-2010-2153 Unspecified vulnerability in Tecnick Tcexam 10.1.006/10.1.007
Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/.
network
tecnick
6.8
6.8