CVE-2026-4168

LOW 2.4

Tecnick TCExam Group tce_edit_group.php cross site scripting

CVSS Score

2.4

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tce_edit_group.php of the component Group Handler. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. The presence of this vulnerability remains uncertain at this time. The affected component should be upgraded. The vendor explained: "I was not able to reproduce the same exploit as the TCExam version was already advanced in the meanwhile." Therefore, it can be assumed that this issue got fixed in a later release.

CWE	CWE-79 CWE-94
Vendor	tecnick
Product	tcexam
Published	Mar 15, 2026
Last Updated	Mar 16, 2026

Stay Ahead of the Next One

Get instant alerts for tecnick tcexam

Be the first to know when new low vulnerabilities affecting tecnick tcexam are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Tecnick / TCExam

16.5.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.351075 vuldb.com: https://vuldb.com/?ctiid.351075 vuldb.com: https://vuldb.com/?submit.769826 github.com: https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/CVE%20Stored%20XSS.md github.com: https://github.com/tecnickcom/tcexam/tags

Credits

🔍 AhmadMarzouk (VulDB User)