Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_filemanager.php could upload a malicious javascript payload which would be triggered when another user views the file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tecnick.com TCExam 跨站脚本漏洞
Vulnerability Description
Tecnick.com TCExam是英国Tecnick.com公司的一套基于Web的开源电子考试系统。该系统主要用于在线考试等。 TCExam 存在跨站脚本漏洞,该漏洞源于。该漏洞的存在是由于tce_filemanager.php对用户提供的数据验证不足。远程认证的攻击者可利用该漏洞在受影响的用户的浏览器中注入并执行任意的HTML和脚本代码。
CVSS Information
N/A
Vulnerability Type
N/A