{"id":"CVE-2020-5750","details":"Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.","modified":"2026-04-12T00:01:58.793565Z","published":"2020-05-07T17:15:12.277Z","references":[{"type":"FIX","url":"https://www.tenable.com/security/research/tra-2020-31"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tecnickcom/tcexam","events":[{"introduced":"0"},{"last_affected":"a84d81617b45538a32a46d7ef456a01f4e21e2fa"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"14.2.2"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:tecnick:tcexam:14.2.2:*:*:*:*:*:*:*"}}],"versions":["12.0.013","12.0.014","12.1.000","12.1.001","12.1.002","12.1.003","12.1.004","12.1.005","12.1.006","12.1.007","12.1.008","12.1.009","12.1.010","12.1.011","12.1.012","12.1.013","12.1.014","12.1.015","12.1.016","12.1.017","12.1.018","12.1.019","12.1.020","12.1.021","12.1.022","12.1.023","12.1.024","12.1.025","12.1.026","12.1.027","12.1.28","12.1.29","12.1.30","12.2.0","12.2.1","12.2.2","12.2.3","12.2.4","12.2.5","13.0.1","13.0.2","13.1.1","13.2.0","13.2.1","13.3.0","14.0.0","14.0.1","14.0.2","14.0.3","14.1.0","14.1.2","14.1.3","14.1.4","14.2.1","14.2.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-5750.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}