|
199821
|
6.1 |
MEDIUM
Network
|
tecnick
|
tcexam
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5750
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199822
|
5.4 |
MEDIUM
Network
|
tecnick
|
tcexam
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5749
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199823
|
6.1 |
MEDIUM
Network
|
tecnick
|
tcexam
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5748
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199824
|
5.4 |
MEDIUM
Network
|
tecnick
|
tcexam
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5747
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199825
|
5.4 |
MEDIUM
Network
|
tecnick
|
tcexam
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5746
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199826
|
7.4 |
HIGH
Network
|
tecnick
|
tcexam
|
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
|
CWE-352
Origin Validation Error
|
CVE-2020-5745
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199827
|
4.9 |
MEDIUM
Network
|
tecnick
|
tcexam
|
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.
|
CWE-22
Path Traversal
|
CVE-2020-5744
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199828
|
4.3 |
MEDIUM
Network
|
tecnick
|
tcexam
|
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-5743
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199829
|
7.8 |
HIGH
Local
|
f5
|
nginx_controller
|
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the s…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-5895
|
2024-11-21 14:34 |
2020-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199830
|
8.1 |
HIGH
Network
|
f5
|
nginx_controller
|
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.
|
CWE-384
Session Fixation
|
CVE-2020-5894
|
2024-11-21 14:34 |
2020-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
