Cross-Site Scripting Vulnerability in TCExam by TCExam
CVE-2020-5746

5.4 MEDIUM

Key Information:

Vendor: Tecnick

Status
Vendor
CVE Published: 7 May 2020

What is CVE-2020-5746?

A security vulnerability in TCExam version 14.2.2 arises from insufficient output sanitization, enabling remote, authenticated attackers to execute persistent cross-site scripting (XSS) attacks. This occurs when attackers can craft and inject malicious scripts through specially designed tests, potentially compromising users' sessions and data integrity. Such vulnerabilities pose significant risks, especially when exploited in environments managing sensitive or personal information.

Affected Version(s)

TCExam 14.2.2

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
