CVE-2020-5747

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-5747

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5747.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-5747

Published

2020-05-07T17:15:12.120Z

Modified

2026-03-14T10:32:03.307200Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.

References

https://www.tenable.com/security/research/tra-2020-31

Affected packages

Git / github.com/tecnickcom/tcexam

Affected ranges

Type

GIT

Repo

https://github.com/tecnickcom/tcexam

Events

Introduced

Last affected

a84d81617b45538a32a46d7ef456a01f4e21e2fa

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.2.2"
        }
    ]
}

Affected versions

12.*

12.0.013

12.0.014

12.1.000

12.1.001

12.1.002

12.1.003

12.1.004

12.1.005

12.1.006

12.1.007

12.1.008

12.1.009

12.1.010

12.1.011

12.1.012

12.1.013

12.1.014

12.1.015

12.1.016

12.1.017

12.1.018

12.1.019

12.1.020

12.1.021

12.1.022

12.1.023

12.1.024

12.1.025

12.1.026

12.1.027

12.1.28

12.1.29

12.1.30

12.2.0

12.2.1

12.2.2

12.2.3

12.2.4

12.2.5

13.*

13.0.1

13.0.2

13.1.1

13.2.0

13.2.1

13.3.0

14.*

14.0.0

14.0.1

14.0.2

14.0.3

14.1.0

14.1.10

14.1.11

14.1.12

14.1.13

14.1.14

14.1.15

14.1.2

14.1.3

14.1.4

14.1.5

14.1.6

14.1.7

14.1.8

14.1.9

14.2.1

14.2.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5747.json"