Multiple Cross-Site Scripting Vulnerabilities in Vendor Products
CVE-2025-23175
6.1MEDIUM
What is CVE-2025-23175?
This vulnerability encompasses multiple Cross-Site Scripting (XSS) flaws that can be exploited by attackers to inject malicious scripts into web pages viewed by users. As a result, sensitive information may be compromised, including cookies and session tokens. Targeted at Vendor products, these vulnerabilities pose a risk to both user data and application integrity, emphasizing the need for immediate attention and remediation.
Affected Version(s)
TCExam 16.3.2
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Guy Hayou