TCExam 14.2.2 cross site scripting

Summaryinfo

A vulnerability marked as problematic has been reported in TCExam 14.2.2. Impacted is an unknown function. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2020-5745. The attack is possible to be carried out remotely. No exploit exists.

Detailsinfo

A vulnerability was found in TCExam 14.2.2. It has been rated as problematic. This issue affects an unknown code. The manipulation with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare the problem leads to CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Impacted is integrity. The summary by CVE is:

Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

The weakness was disclosed 05/07/2020. The identification of this vulnerability is CVE-2020-5745 since 01/06/2020. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries VDB-154911, VDB-154910, VDB-154909 and VDB-154908 are pretty similar. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Name

• TCExam

Version

• 14.2.2

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion