Description
Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.
Exploits (1)
References (3)
Core 3
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/30213
Exploit x_refsource_misc
http://packetstormsecurity.com/files/124400
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89660
Scores
EPSS
0.0040
EPSS Percentile
60.6%
Details
CWE
CWE-79
Status
published
Products (1)
efrontlearning/efront
3.6.14
Published
Dec 21, 2013
Tracked Since
Feb 18, 2026