Description

Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter.

Remediation

References

CVE-2012-4602

Related Vulnerabilities

Oracle Database Server CVE-2008-1816 Vulnerability (CVE-2008-1816)

WordPress Plugin WordPress Download Manager Cross-Site Request Forgery (2.9.60)

WordPress Plugin Gravity Upload Ajax Arbitrary File Upload (1.1)

WordPress Plugin Starter Templates-Elementor, WordPress & Beaver Builder Templates Cross-Site Request Forgery (3.1.20)

WordPress Plugin WP-OliveCart Multiple Vulnerabilities (3.1.2)

Severity

Medium

Classification

CVE-2012-4602 CWE-707

Tags

Missing Update Known Vulnerabilities