XSS in Tecnick Tcexam

CVE-2012-4602

Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (58.9th percentile) — read the EPSS interpretation.

Affected products

Tecnick Tcexam — versions 10.1.000, 10.1.001, 10.1.002
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (x_refsource_CONFIRM)
50539 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)