Description

Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.

Remediation

References

CVE-2012-4238

Related Vulnerabilities

WordPress Plugin Flip Slideshow Cross-Site Scripting (2.2)

WordPress Plugin CAC Featured Content TimThumb Arbitrary File Upload (0.8)

Envoy Proxy Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2021-32781)

Serendipity Other Vulnerability (CVE-2005-1134)

WordPress Plugin My Category Order Cross-Site Scripting (4.3)

Severity

Low

Classification

CVE-2012-4238 CWE-707

Tags

Missing Update Known Vulnerabilities