Back to search
CVE-2021-20116
Published: Aug 5, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. The paths provided in the f, d, and dir parameters in tce_select_mediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link which, if triggered by an administrator, could result in the attacker hijacking the victim's session or performing actions on their behalf.
| Vendor | Product | Versions |
|---|---|---|
n/a | TCExam | affected <= 14.8.4 |
References
https://www.tenable.com/security/research/tra-2021-32
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now