Cross-Site Scripting Vulnerability in TCExam by TCExam
CVE-2012-4238

Currently unrated

Key Information:

Vendor: Tecnick
Status: Tcexam
Vendor: CVE Published:; 20 August 2012

What is CVE-2012-4238?

The TCExam application presents a Cross-Site Scripting (XSS) vulnerability located in the 'admin/code/tce_edit_answer.php' file. This flaw allows remote authenticated users with elevated permissions (level 5 or greater) to inject arbitrary web scripts or HTML through the 'question_subject_id' parameter, potentially compromising the security of the application and its users. This affects TCExam versions prior to 11.3.008, and it is crucial for operators to apply relevant security updates to mitigate this risk.

References

http://www.reactionpenetrationtesting.co.uk/tcexam-cross-...

x_refsource_MISC

http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam...

x_refsource_CONFIRM

http://secunia.com/advisories/50141

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 20, 2012

Tecnick

What is CVE-2012-4238?

References

Timeline