cbcvebase.

Tecnick Tcexam vulnerabilities

28 known vulnerabilities affecting tecnick/tcexam.

Total CVEs
28
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM20LOW3

Vulnerabilities

Page 2 of 2
CVE-2020-5749P4MEDIUMCVSS 5.4v14.2.22020-05-07
CVE-2020-5749 [MEDIUM] CWE-79 CVE-2020-5749: Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group.
nvd
CVE-2020-5747P4MEDIUMCVSS 5.4v14.2.22020-05-07
CVE-2020-5747 [MEDIUM] CWE-79 CVE-2020-5747: Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
nvd
CVE-2020-5743P4MEDIUMCVSS 4.3v14.2.22020-05-07
CVE-2020-5743 [MEDIUM] CWE-639 CVE-2020-5743: Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission.
nvd
CVE-2012-4602P4MEDIUMCVSS 4.3≤ 11.3.008v10.1.000+100 more2012-11-23
CVE-2012-4602 [MEDIUM] CWE-79 CVE-2012-4602: Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nico Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter.
nvd
CVE-2011-3806P4MEDIUMCVSS 5.0v11.1.0152011-09-24
CVE-2011-3806 [MEDIUM] CWE-200 CVE-2011-3806: TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .p TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files.
nvd
CVE-2026-4168P4LOWCVSS 2.4v16.5.02026-03-16
CVE-2026-4168 [LOW] CWE-79 CVE-2026-4168: A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the fil A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tce_edit_group.php of the component Group Handler. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. The presence of this vulnerabili
nvd
CVE-2026-4169P4LOWCVSS 2.4v16.0v16.1+5 more2026-03-16
CVE-2026-4169 [LOW] CWE-79 CVE-2026-4169: A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_e A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are still doubts about whether this vulnerability truly exists.
nvd
CVE-2012-4238P4LOWCVSS 2.1≤ 11.3.007v10.1.000+99 more2012-08-20
CVE-2012-4238 [LOW] CWE-79 CVE-2012-4238: Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.
nvd
Tecnick Tcexam vulnerabilities | cvebase