Description

Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter.

Remediation

References

CVE-2012-4602

Related Vulnerabilities

WordPress Plugin Pay With Tweet SQL Injection and Cross-Site Scripting Vulnerabilities (1.1)

WordPress Plugin Permalink Manager Lite SQL Injection (2.2.12)

MODX Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-8773)

WordPress Plugin WCFM Membership-WooCommerce Memberships for Multivendor Marketplace Privilege Escalation (2.10.0)

Oracle Database Server CVE-2021-2332 Vulnerability (CVE-2021-2332)

Severity

Medium

Classification

CVE-2012-4602 CWE-707

Tags

Missing Update Known Vulnerabilities