漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_select_mediafile.php could upload a malicious javascript payload which would be triggered when another user views the file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tecnick.com TCExam 跨站脚本漏洞
Vulnerability Description
Tecnick.com TCExam是英国Tecnick.com公司的一套基于Web的开源电子考试系统。该系统主要用于在线考试等。 TCExam 存在跨站脚本漏洞,该漏洞源于tce_select_mediafile.php中对用户提供的数据验证不足。远程认证的攻击者可利用该漏洞在受影响用户的浏览器中注入并执行任意的HTML和脚本代码。
CVSS Information
N/A
Vulnerability Type
N/A