CVE-2026-4169 | Tecnick TCExam up to 16.6.0 XML Export tce_xml_users.php F_xml_export_users cross site scripting

A vulnerability marked as problematic has been reported in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting.

This vulnerability is known as CVE-2026-4169. Remote exploitation of the attack is possible. No exploit is available.

There are still doubts about whether this vulnerability truly exists.

It is suggested to upgrade the affected component.

When the vendor was informed about another security issue, he identified and fixed this flaw during analysis. He doubts the impact of this: “However, this is difficult to justify as security issue. It requires to be administrator to both create and consume the exploit. Administrators can do pretty much anything in the platform, so I don’t see the point of this from a security perspective.” This is reflected by the CVSS vector.

CVE-2026-4169 | Tecnick TCExam up to 16.6.0 XML Export tce_xml_users.php F_xml_export_users cross site scripting

Post correlati

CVE-2025-5516 | TOTOLINK X2000R 1.0.0-B20230726.1108 URL Filtering Page /boafrm/formFilter URL Address cross site scripting

CVE-2025-69189 | JobBank Plugin up to 1.2.3 on WordPress authorization

CVE-2023-51079 | mvel 2.5.0 ParseTools.subCompileExpression denial of service (Issue 348)

CVE-2024-4892 | BuddyPress Plugin up to 12.4.1 on WordPress cross site scripting