Arbitrary Web Script Injection in Nicola Asuni TCExam before 11.3.009

Arbitrary Web Script Injection in Nicola Asuni TCExam before 11.3.009

CVE-2012-4602 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter.

Learn more about our Web App Pen Testing.