Cross-Site Scripting Vulnerability in TCExam by Tecnick
CVE-2018-13422

6.1MEDIUM

Key Information:

Vendor: Tecnick
Status: Tcexam
Vendor: CVE Published:; 7 July 2018

What is CVE-2018-13422?

TCExam versions prior to 14.1.2 are susceptible to a Cross-Site Scripting (XSS) vulnerability that can be exploited through the manipulation of ff_ or xl_ fields. This flaw allows an attacker to inject malicious scripts into web pages viewed by other users, potentially compromising their data and user sessions. It is crucial for users of TCExam to update to the latest version to mitigate this security risk.

References

https://github.com/tecnickcom/tcexam/pull/223

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 7, 2018