Tecnick: Security Vulnerabilities
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
CVSS Score: 6.1
EPSS Score: 0.011
Published: 2020-05-07
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2020-05-07
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
CVSS Score: 6.1
EPSS Score: 0.013
Published: 2020-05-07
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2020-05-07
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2020-05-07
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.
CVSS Score: 4.9
EPSS Score: 0.003
Published: 2020-05-07
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
CVSS Score: 9.8
EPSS Score: 0.397
Published: 2018-09-14
TCExam before 14.1.2 has XSS via an ff_ or xl_ field.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-07-07
Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php.
CVSS Score: 6.0
EPSS Score: 0.003
Published: 2012-11-23
Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter.
CVSS Score: 4.3
EPSS Score: 0.003
Published: 2012-11-23
Shodan ® - All rights reserved