N/A

A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. The paths provided in the f, d, and dir parameters in tce_filemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link which, if triggered by an administrator, could result in the attacker hijacking the victim's session or performing actions on their behalf.

N/A

N/A

Tecnick.com TCExam 跨站脚本漏洞

Tecnick.com TCExam是英国Tecnick.com公司的一套基于Web的开源电子考试系统。该系统主要用于在线考试等。 Tecnick.com TCExam 存在安全漏洞，该漏洞源于在14.8.3版本之前的TCExam中存在一个反映的跨站点脚本漏洞，tce_filemanager.php 中的 f、d 和 dir 参数中提供的路径未正确验证，可能会通过提供的路径的未净化输出导致反射 XSS。。攻击者可利用该漏洞制造一个恶意链接，如果由管理员触发，则可能劫持受害者的会话或代表他们执行操作。

N/A

N/A