Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.
http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam%3Bh=edf6e08622642f1b2421f4355d98250d9e1b0742
http://secunia.com/advisories/50141
http://freecode.com/projects/tcexam/releases/347125
Source: Mitre, NVD
Published: 2012-08-20
Updated: 2026-06-16
Base Score: 2.1
Vector: CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N
Severity: Low
Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: Medium
EPSS: 0.00181