TCExam 14.2.2 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability

Summary

TCExam 14.2.2 suffers from improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability

Credit:

The information has been provided by Nick Manfredi

The original article can be found at:https://www.tenable.com/security/research/tra-2020-31


Details

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.

 

Vulnerable Systems:

TCExam 14.2.2

 

CVE Information:

CVE-2020-5750

 

Disclosure Timeline:
Published Date:5/7/2020

Categories: News