CVE-2021-20115

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-20115
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20115.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-20115
Published
2021-08-05T21:15:10Z
Modified
2024-09-03T03:36:13.701902Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. The paths provided in the f, d, and dir parameters in tce_filemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link which, if triggered by an administrator, could result in the attacker hijacking the victim's session or performing actions on their behalf.

Affected packages

Git / github.com/tecnickcom/tcexam

Affected ranges

Type
GIT
Repo
https://github.com/tecnickcom/tcexam
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

12.*

12.0.013
12.0.014
12.1.000
12.1.001
12.1.002
12.1.003
12.1.004
12.1.005
12.1.006
12.1.007
12.1.008
12.1.009
12.1.010
12.1.011
12.1.012
12.1.013
12.1.014
12.1.015
12.1.016
12.1.017
12.1.018
12.1.019
12.1.020
12.1.021
12.1.022
12.1.023
12.1.024
12.1.025
12.1.026
12.1.027
12.1.28
12.1.29
12.1.30
12.2.0
12.2.1
12.2.2
12.2.3
12.2.4
12.2.5

13.*

13.0.1
13.0.2
13.1.1
13.2.0
13.2.1
13.3.0

14.*

14.0.0
14.0.1
14.0.2
14.0.3
14.1.0
14.1.10
14.1.11
14.1.12
14.1.13
14.1.14
14.1.15
14.1.2
14.1.3
14.1.4
14.1.5
14.1.6
14.1.7
14.1.8
14.1.9
14.2.1
14.2.2
14.2.3
14.3.0
14.3.1
14.3.2
14.4.0
14.4.1
14.5.0
14.5.1
14.5.2
14.6.0
14.7.0
14.8.0
14.8.1
14.8.2
14.8.3