CVE-2021-20111
- Source
- https://cve.org/CVERecord?id=CVE-2021-20111
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20111.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-20111
- Published
- 2021-07-30T14:15:14.283Z
- Modified
- 2025-11-14T11:11:18.717574Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tcefilemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tcefilemanager.php could upload a malicious javascript payload which would be triggered when another user views the file.
- References
Affected packages
Git / github.com/tecnickcom/tcexam
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tecnickcom/tcexam
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
12.*
12.0.013
12.0.014
12.1.000
12.1.001
12.1.002
12.1.003
12.1.004
12.1.005
12.1.006
12.1.007
12.1.008
12.1.009
12.1.010
12.1.011
12.1.012
12.1.013
12.1.014
12.1.015
12.1.016
12.1.017
12.1.018
12.1.019
12.1.020
12.1.021
12.1.022
12.1.023
12.1.024
12.1.025
12.1.026
12.1.027
12.1.28
12.1.29
12.1.30
12.2.0
12.2.1
12.2.2
12.2.3
12.2.4
12.2.5
13.*
13.0.1
13.0.2
13.1.1
13.2.0
13.2.1
13.3.0
14.*
14.0.0
14.0.1
14.0.2
14.0.3
14.1.0
14.1.10
14.1.11
14.1.12
14.1.13
14.1.14
14.1.15
14.1.2
14.1.3
14.1.4
14.1.5
14.1.6
14.1.7
14.1.8
14.1.9
14.2.1
14.2.2
14.2.3
14.3.0
14.3.1
14.3.2
14.4.0
14.4.1
14.5.0
14.5.1
14.5.2
14.6.0
14.7.0
14.8.0
14.8.1