CVE Tools
Sign in

CVE-2026-4169

Tecnick TCExam XML Export tce_xml_users.php F_xml_export_users cross site scripting

Published: Mar 15, 2026Updated: Apr 22, 2026 Sources: CVE List NVDCWE-79
2.4LOW
NVD MITRE
EPSS Score
0.2%
Top 89.9%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
No Fix Available

Description

A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are still doubts about whether this vulnerability truly exists. Upgrading to version 16.6.1 is able to address this issue. The patch is named 899b5b2fa09edfe16043f07265e44fe2022b7f12. It is suggested to upgrade the affected component. When the vendor was informed about another security issue, he identified and fixed this flaw during analysis. He doubts the impact of this: "However, this is difficult to justify as security issue. It requires to be administrator to both create and consume the exploit. Administrators can do pretty much anything in the platform, so I don't see the point of this from a security perspective." This is reflected by the CVSS vector.

No summary for this CVE yet.

CVSS Vector Breakdown

AV:NAC:LPR:HUI:RS:UC:NI:LA:N
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:HPrivileges Required
High
UI:RUser Interaction
Required
Scope
S:UScope
Unchanged
Impact
C:NConfidentiality
None
I:LIntegrity
Low
A:NAvailability
None
Open in CVSS calculator →

Weaknesses

CWE-79CWE-94

Affected Products

TCExamTecnick
Library
OSS Libraries / generic-library
tecnickindividual-devOSS Librariesaka tcpdf, tcexam, aiocp

Exploitability

No known exploits, KEV entries, or remediation guidance available for this vulnerability yet.

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

MITRE ATT&CK

3 techniques
Execution
Initial Access
View detailed technique mapping

References

https://vuldb.com/?id.351076
vuldb.com
https://vuldb.com/?ctiid.351076
vuldb.com
https://github.com/tecnickcom/tcexam/commit/899b5b2fa09edfe16043f07265e44fe2022b7f12
github.com
and 1 more references View all →

Timeline

Published
Mar 15, 2026
Last Updated
Apr 22, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-4169 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows