CVE-2012-4238

Sažetak

Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.

Reference

http://www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html
http://archives.neohapsis.com/archives/bugtraq/2012-08/0090.html
http://freecode.com/projects/tcexam/releases/347125
http://secunia.com/advisories/50141
http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Bh=edf6e08622642f1b2421f4355d98250d9e1b0742

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:11

Objavljeno

20-08-2012 - 20:55