Mrhonest

**Name of the Vulnerable Software and Affected Versions** TomExam version 3.0 **Description** The issue is a Cross Site Scripting (XSS) vulnerability. It can be exploited via the `p name` parameter in the "list.thtml" endpoint. This allows for malicious script execution. **Recommendations** For TomExam version 3.0, avoid using the `p name` parameter in the "list.thtml" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation.