← Back

CVE-2012-4238

nvd nist
Published: Aug 20, 2012Modified: Apr 29, 2026

JSON object

Loading...
2.1
Vector
AV:N/AC:H/Au:S/C:N/I:P/A:N
Exploitability: 3.9 / Impact: 2.9
Source: NVD

Description

Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.

Affected (101)

Products: Tecnick: Tcexam
Tecnick
1 product
Tcexam
Configuration A
101 vulnerable
Vulnerable SoftwareAffected Versions
Tecnick
Tcexam
Up to 11.3.007
Tcexam
Version 10.1.000
Tcexam
Version 10.1.001
Tcexam
Version 10.1.002
Tcexam
Version 10.1.003
Tcexam
Version 10.1.004
Tcexam
Version 10.1.005
Tcexam
Version 10.1.006
Tcexam
Version 10.1.007
Tcexam
Version 10.1.008
Tcexam
Version 10.1.009
Tcexam
Version 10.1.010
Tcexam
Version 10.1.011
Tcexam
Version 10.1.012
Tcexam
Version 10.1.013
Tcexam
Version 11.0.000
Tcexam
Version 11.0.001
Tcexam
Version 11.0.002
Tcexam
Version 11.0.003
Tcexam
Version 11.0.004
Tcexam
Version 11.0.005
Tcexam
Version 11.0.006
Tcexam
Version 11.0.007
Tcexam
Version 11.0.008
Tcexam
Version 11.0.009
Tcexam
Version 11.0.010
Tcexam
Version 11.0.011
Tcexam
Version 11.0.012
Tcexam
Version 11.0.013
Tcexam
Version 11.0.014
Tcexam
Version 11.0.015
Tcexam
Version 11.0.016
Tcexam
Version 11.1.000
Tcexam
Version 11.1.001
Tcexam
Version 11.1.002
Tcexam
Version 11.1.003
Tcexam
Version 11.1.004
Tcexam
Version 11.1.005
Tcexam
Version 11.1.006
Tcexam
Version 11.1.007
Tcexam
Version 11.1.008
Tcexam
Version 11.1.009
Tcexam
Version 11.1.010
Tcexam
Version 11.1.011
Tcexam
Version 11.1.012
Tcexam
Version 11.1.013
Tcexam
Version 11.1.014
Tcexam
Version 11.1.015
Tcexam
Version 11.1.016
Tcexam
Version 11.1.017
Tcexam
Version 11.1.018
Tcexam
Version 11.1.019
Tcexam
Version 11.1.020
Tcexam
Version 11.1.021
Tcexam
Version 11.1.022
Tcexam
Version 11.1.023
Tcexam
Version 11.1.024
Tcexam
Version 11.1.025
Tcexam
Version 11.1.026
Tcexam
Version 11.1.027
Tcexam
Version 11.1.028
Tcexam
Version 11.1.029
Tcexam
Version 11.1.030
Tcexam
Version 11.1.031
Tcexam
Version 11.2.000
Tcexam
Version 11.2.001
Tcexam
Version 11.2.002
Tcexam
Version 11.2.003
Tcexam
Version 11.2.004
Tcexam
Version 11.2.005
Tcexam
Version 11.2.006
Tcexam
Version 11.2.007
Tcexam
Version 11.2.008
Tcexam
Version 11.2.010
Tcexam
Version 11.2.011
Tcexam
Version 11.2.012
Tcexam
Version 11.2.013
Tcexam
Version 11.2.014
Tcexam
Version 11.2.015
Tcexam
Version 11.2.016
Tcexam
Version 11.2.017
Tcexam
Version 11.2.018
Tcexam
Version 11.2.020
Tcexam
Version 11.2.021
Tcexam
Version 11.2.022
Tcexam
Version 11.2.023
Tcexam
Version 11.2.025
Tcexam
Version 11.2.026
Tcexam
Version 11.2.027
Tcexam
Version 11.2.028
Tcexam
Version 11.2.029
Tcexam
Version 11.2.030
Tcexam
Version 11.2.031
Tcexam
Version 11.2.032
Tcexam
Version 11.3.000
Tcexam
Version 11.3.001
Tcexam
Version 11.3.002
Tcexam
Version 11.3.003
Tcexam
Version 11.3.004
Tcexam
Version 11.3.005
Tcexam
Version 11.3.006

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (10)

Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.