CVE-2021-20112

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-20112
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20112.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-20112
Published
2021-07-30T14:15:14Z
Modified
2024-09-03T03:36:09.245313Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tceselectmediafile.php with a filename beginning with a period will be rendered as text/html. An attacker with access to tceselectmediafile.php could upload a malicious JavaScript payload which would be triggered when another user views the file.

References

Affected packages

Git / github.com/tecnickcom/tcexam

Affected ranges

Type
GIT
Repo
https://github.com/tecnickcom/tcexam
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

12.*

12.0.013
12.0.014
12.1.000
12.1.001
12.1.002
12.1.003
12.1.004
12.1.005
12.1.006
12.1.007
12.1.008
12.1.009
12.1.010
12.1.011
12.1.012
12.1.013
12.1.014
12.1.015
12.1.016
12.1.017
12.1.018
12.1.019
12.1.020
12.1.021
12.1.022
12.1.023
12.1.024
12.1.025
12.1.026
12.1.027
12.1.28
12.1.29
12.1.30
12.2.0
12.2.1
12.2.2
12.2.3
12.2.4
12.2.5

13.*

13.0.1
13.0.2
13.1.1
13.2.0
13.2.1
13.3.0

14.*

14.0.0
14.0.1
14.0.2
14.0.3
14.1.0
14.1.10
14.1.11
14.1.12
14.1.13
14.1.14
14.1.15
14.1.2
14.1.3
14.1.4
14.1.5
14.1.6
14.1.7
14.1.8
14.1.9
14.2.1
14.2.2
14.2.3
14.3.0
14.3.1
14.3.2
14.4.0
14.4.1
14.5.0
14.5.1
14.5.2
14.6.0
14.7.0
14.8.0
14.8.1