XSS Vulnerabilities in Nicola Asuni TCExam by Nicola Asuni
CVE-2012-4602

Currently unrated

Key Information:

Vendor

Tecnick

Status
Tcexam
Vendor
CVE Published:
23 November 2012

What is CVE-2012-4602?

Multiple cross-site scripting (XSS) vulnerabilities exist in the admin interface of TCExam prior to version 11.3.009. These vulnerabilities allow attackers to inject arbitrary web scripts or HTML into the application via the 'cid' or 'uids' parameters. This could lead to significant security issues, including unauthorized access to sensitive information or execution of malicious scripts in the context of an authenticated user. It's crucial for users of affected versions to apply available patches or update to the latest version to mitigate potential risks.

References

http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam...
x_refsource_CONFIRM
http://secunia.com/advisories/50539
third-party-advisoryx_refsource_SECUNIA
https://www.htbridge.com/advisory/HTB23111
x_refsource_MISC

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.
CVE-2012-4602 : XSS Vulnerabilities in Nicola Asuni TCExam by Nicola Asuni