Persistent Cross-Site Scripting in TCExam by TCExam Group
CVE-2020-5749
5.4MEDIUM
What is CVE-2020-5749?
A flaw in TCExam version 14.2.2 due to insufficient output sanitization enables remote, authenticated attackers to perform persistent cross-site scripting (XSS) attacks. This could lead to unauthorized actions being executed on behalf of users who view maliciously crafted content, compromising user data and system integrity.
Affected Version(s)
TCExam 14.2.2
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved