Description
Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter.
Remediation
References
Related Vulnerabilities
Django Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9014)
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-1443)
MySQL CVE-2020-2897 Vulnerability (CVE-2020-2897)
WordPress Plugin Survey Maker-Best WordPress Survey SQL Injection (3.1.1)
WordPress Plugin WP Ad Guru Lite Cross-Site Scripting (1.6.0)