TCExam 14.2.2 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability
TCExam 14.2.2 suffers from improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability
The information has been provided by Nick Manfredi
The original article can be found at:https://www.tenable.com/security/research/tra-2020-31
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.