CVE-2021-20111
N/A
N/A
Summary
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_filemanager.php could upload a malicious javascript payload which would be triggered when another user views the file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | TCExam | 14.8.1 | affected |
Weaknesses
- Stored XSS
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.