CVE-2021-20116: XSS
First published: Thu Aug 05 2021(Updated: )
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. The paths provided in the f, d, and dir parameters in tce_select_mediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link which, if triggered by an administrator, could result in the attacker hijacking the victim's session or performing actions on their behalf.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tecnick Tcexam | <=14.8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this TCExam vulnerability?
The vulnerability ID for this TCExam vulnerability is CVE-2021-20116.
What is the severity level of CVE-2021-20116?
CVE-2021-20116 has a severity level of medium (6.1).
What software versions are affected by CVE-2021-20116?
CVE-2021-20116 affects TCExam versions up to and including 14.8.4.
How does the vulnerability in tce_select_mediafile.php manifest?
The vulnerability in tce_select_mediafile.php manifests as a reflected cross-site scripting (XSS) vulnerability.
Is there a fix available for CVE-2021-20116?
Yes, a fix is available for CVE-2021-20116. It is recommended to update to a version beyond 14.8.4.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- agent/softwarecombine
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/tecnick
- canonical/tecnick tcexam
- version/tecnick tcexam/14.8.4