A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. The paths provided in the f, d, and dir parameters in tce_filemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link which, if triggered by an administrator, could result in the attacker hijacking the victim's session or performing actions on their behalf.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2021-08-05T20:38:20

Updated: 2024-08-03T17:30:07.373Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20115

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-05T21:15:10.200

Modified: 2024-11-21T05:45:57.080

Link: CVE-2021-20115

cve-icon Redhat

No data.