CVE-2013-7194
eFront 3.6.14 - Authenticated Stored Cross-Site Scripting via Administrator Fields
Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-7194. PoCs published by sajith.
AI-analyzed exploit summary: This exploit demonstrates stored XSS vulnerabilities in eFront v3.6.14 (build 18012) by injecting malicious payloads into user profile fields, lesson names, and course names. The payloads execute arbitrary JavaScript when rendered in the application.
Description
Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.