CVE-2012-4238 - Vulnerability Details

Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tecnick	Tcexam

Configuration 1 [-]

OR	cpe:2.3:a:tecnick:tcexam::::::::
	cpe:2.3:a:tecnick:tcexam:10.1.000:::::::*
	cpe:2.3:a:tecnick:tcexam:10.1.001:::::::*
	cpe:2.3:a:tecnick:tcexam:10.1.002:::::::*
	cpe:2.3:a:tecnick:tcexam:10.1.003:::::::*
	cpe:2.3:a:tecnick:tcexam:10.1.004:::::::*
	cpe:2.3:a:tecnick:tcexam:10.1.005:::::::*
	cpe:2.3:a:tecnick:tcexam:10.1.006:::::::*
	cpe:2.3:a:tecnick:tcexam:10.1.007:::::::*
	cpe:2.3:a:tecnick:tcexam:10.1.008:::::::*
	cpe:2.3:a:tecnick:tcexam:10.1.009:::::::*
	cpe:2.3:a:tecnick:tcexam:10.1.010:::::::*
	cpe:2.3:a:tecnick:tcexam:10.1.011:::::::*
	cpe:2.3:a:tecnick:tcexam:10.1.012:::::::*
	cpe:2.3:a:tecnick:tcexam:10.1.013:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.000:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.001:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.002:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.003:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.004:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.005:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.006:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.007:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.008:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.009:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.010:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.011:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.012:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.013:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.014:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.015:::::::*
	cpe:2.3:a:tecnick:tcexam:11.0.016:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.000:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.001:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.002:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.003:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.004:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.005:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.006:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.007:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.008:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.009:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.010:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.011:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.012:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.013:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.014:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.015:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.016:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.017:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.018:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.019:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.020:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.021:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.022:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.023:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.024:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.025:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.026:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.027:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.028:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.029:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.030:::::::*
	cpe:2.3:a:tecnick:tcexam:11.1.031:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.000:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.001:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.002:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.003:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.004:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.005:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.006:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.007:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.008:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.010:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.011:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.012:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.013:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.014:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.015:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.016:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.017:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.018:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.020:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.021:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.022:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.023:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.025:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.026:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.027:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.028:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.029:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.030:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.031:::::::*
cpe:2.3:a:tecnick:tcexam:11.2.032:::::::*
cpe:2.3:a:tecnick:tcexam:11.3.000:::::::*
cpe:2.3:a:tecnick:tcexam:11.3.001:::::::*
cpe:2.3:a:tecnick:tcexam:11.3.002:::::::*
cpe:2.3:a:tecnick:tcexam:11.3.003:::::::*
cpe:2.3:a:tecnick:tcexam:11.3.004:::::::*
cpe:2.3:a:tecnick:tcexam:11.3.005:::::::*
cpe:2.3:a:tecnick:tcexam:11.3.006:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2012-08/0090.html
http://freecode.com/projects/tcexam/releases/347125
http://secunia.com/advisories/50141
http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Bh=edf6e08622642f1b2421f4355d98250d9e1b0742
http://www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-08-20T20:00:00Z

Updated: 2024-09-16T17:14:13.321Z

Reserved: 2012-08-09T00:00:00Z

Link: CVE-2012-4238

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-08-20T20:55:03.940

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-4238

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-08-20T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Bh=edf6e08622642f1b2421f4355d98250d9e1b0742"}, {"name": "50141", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50141"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://freecode.com/projects/tcexam/releases/347125"}, {"name": "20120813 TCExam Edit Cross-Site Scripting", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0090.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4238", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html", "refsource": "MISC", "url": "http://www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html"}, {"name": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;h=edf6e08622642f1b2421f4355d98250d9e1b0742", "refsource": "CONFIRM", "url": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;h=edf6e08622642f1b2421f4355d98250d9e1b0742"}, {"name": "50141", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50141"}, {"name": "http://freecode.com/projects/tcexam/releases/347125", "refsource": "CONFIRM", "url": "http://freecode.com/projects/tcexam/releases/347125"}, {"name": "20120813 TCExam Edit Cross-Site Scripting", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0090.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:28:07.602Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Bh=edf6e08622642f1b2421f4355d98250d9e1b0742"}, {"name": "50141", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50141"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://freecode.com/projects/tcexam/releases/347125"}, {"name": "20120813 TCExam Edit Cross-Site Scripting", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0090.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4238", "datePublished": "2012-08-20T20:00:00Z", "dateReserved": "2012-08-09T00:00:00Z", "dateUpdated": "2024-09-16T17:14:13.321Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tecnick:tcexam:*:*:*:*:*:*:*:*", "matchCriteriaId": "09D1E543-55AC-4488-AEF6-BAF17C428A75", "versionEndIncluding": "11.3.007", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:10.1.000:*:*:*:*:*:*:*", "matchCriteriaId": "7287E93F-9B5A-4A4F-A0F3-BA61F229337D", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:10.1.001:*:*:*:*:*:*:*", "matchCriteriaId": "DE304D45-FE2F-4B44-A74F-89EDD949E08B", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:10.1.002:*:*:*:*:*:*:*", "matchCriteriaId": "4659BFFA-C0D4-4157-9FE9-95E75DF98DBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:10.1.003:*:*:*:*:*:*:*", "matchCriteriaId": "06774079-FBA2-4CFB-952E-F9D6EBC99E9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:10.1.004:*:*:*:*:*:*:*", "matchCriteriaId": "3632C110-123E-42FB-B885-86AC0496A840", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:10.1.005:*:*:*:*:*:*:*", "matchCriteriaId": "3C0E7752-888C-4103-BA46-0688A6940FF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:10.1.006:*:*:*:*:*:*:*", "matchCriteriaId": "0DBCCBE8-6E31-4214-A8F2-7740CF8CFC59", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:10.1.007:*:*:*:*:*:*:*", "matchCriteriaId": "78E43A8F-11C8-475A-B278-E66BD2D0BEED", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:10.1.008:*:*:*:*:*:*:*", "matchCriteriaId": "2CEFF0BC-3282-4EEC-B648-D7FB66687A22", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:10.1.009:*:*:*:*:*:*:*", "matchCriteriaId": "2820AE77-E25C-4DBD-B26A-00A5F4190AA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:10.1.010:*:*:*:*:*:*:*", "matchCriteriaId": "2C7E4A66-24A5-441B-BCFA-1BF795E842EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:10.1.011:*:*:*:*:*:*:*", "matchCriteriaId": "17D047F5-C69A-4E0D-8BF8-23FE201FBB13", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:10.1.012:*:*:*:*:*:*:*", "matchCriteriaId": "7842126B-A64F-41A0-A4B5-E52CF552CFBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:10.1.013:*:*:*:*:*:*:*", "matchCriteriaId": "E1E25193-4968-40FE-BA54-2C0E25DB0F15", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.000:*:*:*:*:*:*:*", "matchCriteriaId": "513E6FB7-1B5B-4F5D-8F36-508C2472715F", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.001:*:*:*:*:*:*:*", "matchCriteriaId": "D5D89D08-EECF-4C81-9E94-911B1A2370D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.002:*:*:*:*:*:*:*", "matchCriteriaId": "6726BE74-A015-4936-B5B9-85EA080222C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.003:*:*:*:*:*:*:*", "matchCriteriaId": "97AC229D-0885-45D3-A780-C29E21663D33", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.004:*:*:*:*:*:*:*", "matchCriteriaId": "4CE5A37B-6EC8-4790-AA80-4F1948B657FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.005:*:*:*:*:*:*:*", "matchCriteriaId": "9DBF0674-291C-4793-8CBA-A0B2C09BD0BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.006:*:*:*:*:*:*:*", "matchCriteriaId": "DC62D410-2928-489D-B297-9EC831A1C53E", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.007:*:*:*:*:*:*:*", "matchCriteriaId": "CC254B57-3DAB-4EDE-A852-627AEDBC7AFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.008:*:*:*:*:*:*:*", "matchCriteriaId": "8DD2B624-838B-4832-9965-1DBB876F5A75", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.009:*:*:*:*:*:*:*", "matchCriteriaId": "8DFF2AAB-59BB-4ED7-AC95-44C96DB1080A", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.010:*:*:*:*:*:*:*", "matchCriteriaId": "115D55DB-8751-41B3-A600-78519A460650", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.011:*:*:*:*:*:*:*", "matchCriteriaId": "1CD38E1D-F056-4882-848C-58173731AA7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.012:*:*:*:*:*:*:*", "matchCriteriaId": "CB7B398D-9665-4DF8-9099-F0DA551E0948", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.013:*:*:*:*:*:*:*", "matchCriteriaId": "56B37604-4480-436B-B159-0A947A1BAC19", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.014:*:*:*:*:*:*:*", "matchCriteriaId": "4DF176B7-EF7E-43FB-8F92-BD6112FD1009", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.015:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A4527-F17F-4C2A-B3CE-58059903C091", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.0.016:*:*:*:*:*:*:*", "matchCriteriaId": "14C26608-F7C4-4809-AA66-E03DEBC9E858", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.000:*:*:*:*:*:*:*", "matchCriteriaId": "391AF446-5D84-41DE-A102-F17E2674DB53", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.001:*:*:*:*:*:*:*", "matchCriteriaId": "40AB17EC-85A6-431D-A104-0592FD83DA0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.002:*:*:*:*:*:*:*", "matchCriteriaId": "1457CD43-32D3-4A07-AE32-863661002BE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.003:*:*:*:*:*:*:*", "matchCriteriaId": "78C75386-A50D-48CF-8127-221B9BB8A405", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.004:*:*:*:*:*:*:*", "matchCriteriaId": "1947F0AC-4542-43C3-A7CA-268E8981CFF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.005:*:*:*:*:*:*:*", "matchCriteriaId": "87A6F355-E90C-45F5-924A-2E273C17A77A", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.006:*:*:*:*:*:*:*", "matchCriteriaId": "CA3C3DED-3F50-450F-89B5-4D926FAB7B06", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.007:*:*:*:*:*:*:*", "matchCriteriaId": "0C7D7F46-F2FA-41E0-BCD3-0B32CC64F657", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.008:*:*:*:*:*:*:*", "matchCriteriaId": "CBFF8EC6-6ADA-4B8A-ACE6-4F00107F2D48", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.009:*:*:*:*:*:*:*", "matchCriteriaId": "0E643379-E31F-4C0C-92EB-C347D668191D", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.010:*:*:*:*:*:*:*", "matchCriteriaId": "8FC974BF-33A5-4F6A-AF65-40E9A56DDCC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.011:*:*:*:*:*:*:*", "matchCriteriaId": "249FE485-F3CD-45C7-8B21-786F6D50851A", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.012:*:*:*:*:*:*:*", "matchCriteriaId": "628F72CC-306E-4CF8-9E8D-15CA2482D600", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.013:*:*:*:*:*:*:*", "matchCriteriaId": "AF5E1468-0680-4CB2-8675-4722A8560607", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.014:*:*:*:*:*:*:*", "matchCriteriaId": "62DECE89-EF33-49AC-869F-C3094596A451", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.015:*:*:*:*:*:*:*", "matchCriteriaId": "CE2FF621-4ABC-4C9A-82A3-8151BADE4810", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.016:*:*:*:*:*:*:*", "matchCriteriaId": "FECCD319-5F1C-4F47-867D-F12925E9AB49", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.017:*:*:*:*:*:*:*", "matchCriteriaId": "33BF558B-6E25-4A19-A794-5ED34E110B17", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.018:*:*:*:*:*:*:*", "matchCriteriaId": "0EC31BE4-D779-400A-BFAE-99F2EE4AE094", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.019:*:*:*:*:*:*:*", "matchCriteriaId": "D15CD910-BE87-4BA0-B7A7-BC36D8C48EF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.020:*:*:*:*:*:*:*", "matchCriteriaId": "7A7C1FC6-02C3-4BC5-9A37-6B66F4326CC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.021:*:*:*:*:*:*:*", "matchCriteriaId": "2E218333-6250-484A-8829-3649CC1863C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.022:*:*:*:*:*:*:*", "matchCriteriaId": "0ACF3998-A87D-4F00-846D-3698BD709B29", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.023:*:*:*:*:*:*:*", "matchCriteriaId": "BCD3F95E-0212-4E82-86C4-5771EA5E623A", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.024:*:*:*:*:*:*:*", "matchCriteriaId": "3CBC784A-4418-4B71-BB80-291B10063ACF", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.025:*:*:*:*:*:*:*", "matchCriteriaId": "83B4FEEA-1BEC-4911-86E3-0AE963ADE644", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.026:*:*:*:*:*:*:*", "matchCriteriaId": "C95867CE-CC40-4437-95CE-FE48F12857FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.027:*:*:*:*:*:*:*", "matchCriteriaId": "85FCB6DF-4F02-4708-B256-4D28EEED7F54", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.028:*:*:*:*:*:*:*", "matchCriteriaId": "01EA4845-0D85-4B97-A845-9F219E3964AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.029:*:*:*:*:*:*:*", "matchCriteriaId": "F05DADC0-C60C-40DA-972E-7A49A499F620", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.030:*:*:*:*:*:*:*", "matchCriteriaId": "A8BB8A45-6110-4EFD-84EF-CEF631AED597", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.1.031:*:*:*:*:*:*:*", "matchCriteriaId": "18884A2F-9BAD-4EEC-89CC-0BB7F4AEF187", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.000:*:*:*:*:*:*:*", "matchCriteriaId": "690F53C2-AACF-4E4E-AECE-E704ABBE13DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.001:*:*:*:*:*:*:*", "matchCriteriaId": "E663B808-656C-4BB5-B3BB-552646FEE34E", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.002:*:*:*:*:*:*:*", "matchCriteriaId": "24F23425-542D-4F24-A333-8F145C4F3D12", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.003:*:*:*:*:*:*:*", "matchCriteriaId": "E1051C25-22AA-46DE-95F7-E6BC2CD6132D", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.004:*:*:*:*:*:*:*", "matchCriteriaId": "08F962B2-C68F-439A-A20C-D57D846A70C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.005:*:*:*:*:*:*:*", "matchCriteriaId": "4A75BABD-BE4F-4F7E-AFF4-1967B0B1BF9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.006:*:*:*:*:*:*:*", "matchCriteriaId": "D7509949-207F-4938-B376-949C973AC1DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.007:*:*:*:*:*:*:*", "matchCriteriaId": "1B9A489B-E4DD-4179-893D-48E929CAFAFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.008:*:*:*:*:*:*:*", "matchCriteriaId": "C47C0F2F-1EE3-404A-A003-C8F9F506C6BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.010:*:*:*:*:*:*:*", "matchCriteriaId": "EF152B01-2906-4E6A-81BD-AF4F603E7BE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.011:*:*:*:*:*:*:*", "matchCriteriaId": "BB435B6A-DA82-47DF-AED0-FEF11B62FA50", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.012:*:*:*:*:*:*:*", "matchCriteriaId": "A7A110C7-C934-4A91-AD58-FC57C95392EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.013:*:*:*:*:*:*:*", "matchCriteriaId": "0CCEFB5C-421C-4438-AC97-6EB36B69384A", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.014:*:*:*:*:*:*:*", "matchCriteriaId": "30B4A8FA-E94E-42BF-B6EB-18756A1EE127", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.015:*:*:*:*:*:*:*", "matchCriteriaId": "9C3E7D7F-595E-44ED-8D4A-006E01860227", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.016:*:*:*:*:*:*:*", "matchCriteriaId": "023D3754-DE1A-4CEC-929C-E54351CBBAB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.017:*:*:*:*:*:*:*", "matchCriteriaId": "5E394EA4-EC91-4DEC-815E-8AEE71523267", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.018:*:*:*:*:*:*:*", "matchCriteriaId": "CA482C25-3273-42D6-950F-B11148493278", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.020:*:*:*:*:*:*:*", "matchCriteriaId": "67EA2A64-D0AA-4CAE-AF82-DC38AAE5FC0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.021:*:*:*:*:*:*:*", "matchCriteriaId": "2F53E4CF-2607-4C32-99B2-23BF8E77FCBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.022:*:*:*:*:*:*:*", "matchCriteriaId": "DE3FBC4C-BB09-4BCF-B1BA-D9FF8E8CD08C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.023:*:*:*:*:*:*:*", "matchCriteriaId": "AD4779BD-CA13-4FC3-BFF1-0ACC4F5BAF3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.025:*:*:*:*:*:*:*", "matchCriteriaId": "1B8D1F95-ADC0-4D5D-A59E-AEFAE982A082", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.026:*:*:*:*:*:*:*", "matchCriteriaId": "38B1398A-AA5A-4F8E-8A8A-3F009E1199D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.027:*:*:*:*:*:*:*", "matchCriteriaId": "F4630664-A1B7-4836-9C73-A04346A63CCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.028:*:*:*:*:*:*:*", "matchCriteriaId": "4B81BA0A-B5C3-4A3B-BE42-7A1ACA79A7D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.029:*:*:*:*:*:*:*", "matchCriteriaId": "2527DDB7-0974-4A7D-A9C4-D9EC93E6BFEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.030:*:*:*:*:*:*:*", "matchCriteriaId": "6D55F344-2EF0-42D8-8E10-010E86367D0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.031:*:*:*:*:*:*:*", "matchCriteriaId": "DF17E462-7D75-4143-BCF1-D42D3B16D8FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.2.032:*:*:*:*:*:*:*", "matchCriteriaId": "7A173A8C-54E9-444C-BB55-4497BD30DE90", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.3.000:*:*:*:*:*:*:*", "matchCriteriaId": "CC938ABF-E674-4F51-BDD1-D73FBEEA76D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.3.001:*:*:*:*:*:*:*", "matchCriteriaId": "83B1E4F3-B02C-4CC1-93DF-425E964513D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.3.002:*:*:*:*:*:*:*", "matchCriteriaId": "2D9FEF84-F788-45F4-AE6A-C9E9824BAD09", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.3.003:*:*:*:*:*:*:*", "matchCriteriaId": "353980D7-1E19-43E9-BDBF-77EA3DC87917", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.3.004:*:*:*:*:*:*:*", "matchCriteriaId": "BB08D03E-740C-4F91-A3A3-BE439AF1981C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.3.005:*:*:*:*:*:*:*", "matchCriteriaId": "15FDBDB6-23E8-4498-BAD4-C1987D24B15C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tecnick:tcexam:11.3.006:*:*:*:*:*:*:*", "matchCriteriaId": "49497479-5A67-4565-8506-5151D2990FAF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en admin/code/tce_edit_answer.php en TCExam anterior a v11.3.008 permite a usuarios autenticados con nivel 5 o permisos superiores, inyectar c\u00f3digo web o HTML arbitrario a trav\u00e9s del par\u00e1metro question_subject_id."}], "id": "CVE-2012-4238", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-08-20T20:55:03.940", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0090.html"}, {"source": "cve@mitre.org", "url": "http://freecode.com/projects/tcexam/releases/347125"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50141"}, {"source": "cve@mitre.org", "url": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Bh=edf6e08622642f1b2421f4355d98250d9e1b0742"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0090.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://freecode.com/projects/tcexam/releases/347125"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50141"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Bh=edf6e08622642f1b2421f4355d98250d9e1b0742"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object