CVE-2012-4602

medium

Published 2012-11-23 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

4.3

Description

Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact

Vendor	Product	Versions
tecnick	tcexam	`{"endIncluding":"11.3.008"}`
tecnick	tcexam	`10.1.000`
tecnick	tcexam	`10.1.001`
tecnick	tcexam	`10.1.002`
tecnick	tcexam	`10.1.003`
tecnick	tcexam	`10.1.004`
tecnick	tcexam	`10.1.005`
tecnick	tcexam	`10.1.006`
tecnick	tcexam	`10.1.007`
tecnick	tcexam	`10.1.008`
tecnick	tcexam	`10.1.009`
tecnick	tcexam	`10.1.010`
tecnick	tcexam	`10.1.011`
tecnick	tcexam	`10.1.012`
tecnick	tcexam	`10.1.013`
tecnick	tcexam	`11.0.000`
tecnick	tcexam	`11.0.001`
tecnick	tcexam	`11.0.002`
tecnick	tcexam	`11.0.003`
tecnick	tcexam	`11.0.004`
tecnick	tcexam	`11.0.005`
tecnick	tcexam	`11.0.006`
tecnick	tcexam	`11.0.007`
tecnick	tcexam	`11.0.008`
tecnick	tcexam	`11.0.009`
tecnick	tcexam	`11.0.010`
tecnick	tcexam	`11.0.011`
tecnick	tcexam	`11.0.012`
tecnick	tcexam	`11.0.013`
tecnick	tcexam	`11.0.014`
tecnick	tcexam	`11.0.015`
tecnick	tcexam	`11.0.016`
tecnick	tcexam	`11.1.000`
tecnick	tcexam	`11.1.001`
tecnick	tcexam	`11.1.002`
tecnick	tcexam	`11.1.003`
tecnick	tcexam	`11.1.004`
tecnick	tcexam	`11.1.005`
tecnick	tcexam	`11.1.006`
tecnick	tcexam	`11.1.007`
tecnick	tcexam	`11.1.008`
tecnick	tcexam	`11.1.009`
tecnick	tcexam	`11.1.010`
tecnick	tcexam	`11.1.011`
tecnick	tcexam	`11.1.012`
tecnick	tcexam	`11.1.013`
tecnick	tcexam	`11.1.014`
tecnick	tcexam	`11.1.015`
tecnick	tcexam	`11.1.016`
tecnick	tcexam	`11.1.017`
tecnick	tcexam	`11.1.018`
tecnick	tcexam	`11.1.019`
tecnick	tcexam	`11.1.020`
tecnick	tcexam	`11.1.021`
tecnick	tcexam	`11.1.022`
tecnick	tcexam	`11.1.023`
tecnick	tcexam	`11.1.024`
tecnick	tcexam	`11.1.025`
tecnick	tcexam	`11.1.026`
tecnick	tcexam	`11.1.027`
tecnick	tcexam	`11.1.028`
tecnick	tcexam	`11.1.029`
tecnick	tcexam	`11.1.030`
tecnick	tcexam	`11.1.031`
tecnick	tcexam	`11.2.000`
tecnick	tcexam	`11.2.001`
tecnick	tcexam	`11.2.002`
tecnick	tcexam	`11.2.003`
tecnick	tcexam	`11.2.004`
tecnick	tcexam	`11.2.005`
tecnick	tcexam	`11.2.006`
tecnick	tcexam	`11.2.007`
tecnick	tcexam	`11.2.008`
tecnick	tcexam	`11.2.010`
tecnick	tcexam	`11.2.011`
tecnick	tcexam	`11.2.012`
tecnick	tcexam	`11.2.013`
tecnick	tcexam	`11.2.014`
tecnick	tcexam	`11.2.015`
tecnick	tcexam	`11.2.016`
tecnick	tcexam	`11.2.017`
tecnick	tcexam	`11.2.018`
tecnick	tcexam	`11.2.020`
tecnick	tcexam	`11.2.021`
tecnick	tcexam	`11.2.022`
tecnick	tcexam	`11.2.023`
tecnick	tcexam	`11.2.025`
tecnick	tcexam	`11.2.026`
tecnick	tcexam	`11.2.027`
tecnick	tcexam	`11.2.028`
tecnick	tcexam	`11.2.029`
tecnick	tcexam	`11.2.030`
tecnick	tcexam	`11.2.031`
tecnick	tcexam	`11.2.032`
tecnick	tcexam	`11.3.000`
tecnick	tcexam	`11.3.001`
tecnick	tcexam	`11.3.002`
tecnick	tcexam	`11.3.003`
tecnick	tcexam	`11.3.004`
tecnick	tcexam	`11.3.005`
tecnick	tcexam	`11.3.006`
tecnick	tcexam	`11.3.007`

References

CWEs

CWE-79

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.