CVE-2021-20111

CVE-2021-20111

A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_filemanager.php could upload a malicious javascript payload which would be triggered when another user views the file.

Source: CVE-2021-20111

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다