Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
CVSS Score
6.1
EPSS Score
0.011
Published
2020-05-07
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-05-07
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
CVSS Score
6.1
EPSS Score
0.013
Published
2020-05-07
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-05-07
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-05-07
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.
CVSS Score
4.9
EPSS Score
0.003
Published
2020-05-07
Page 2