{"id":"CVE-2018-13422","details":"TCExam before 14.1.2 has XSS via an ff_ or xl_ field.","modified":"2026-03-14T09:27:41.943626Z","published":"2018-07-07T17:29:00.510Z","references":[{"type":"ADVISORY","url":"https://github.com/tecnickcom/tcexam/pull/223"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tecnickcom/tcexam","events":[{"introduced":"0"},{"fixed":"a4089f4197313179bbb174d604186a11fe25e0e6"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"14.1.2"}]}}],"versions":["12.0.013","12.0.014","12.1.000","12.1.001","12.1.002","12.1.003","12.1.004","12.1.005","12.1.006","12.1.007","12.1.008","12.1.009","12.1.010","12.1.011","12.1.012","12.1.013","12.1.014","12.1.015","12.1.016","12.1.017","12.1.018","12.1.019","12.1.020","12.1.021","12.1.022","12.1.023","12.1.024","12.1.025","12.1.026","12.1.027","12.1.28","12.1.29","12.1.30","12.2.0","12.2.1","12.2.2","12.2.3","12.2.4","12.2.5","13.0.1","13.0.2","13.1.1","13.2.0","13.2.1","13.3.0","14.0.0","14.0.1","14.0.2","14.0.3","14.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-13422.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}