CVE-2014-4033

eFront 3.6.14.4 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.

Exploits (1)

exploitdb WRITEUP
by shyamkumar somana · textwebappsphp
https://www.exploit-db.com/exploits/33697

References (4)

Scores

EPSS 0.0216
EPSS Percentile 84.1%

Details

CWE
CWE-79
Status published
Products (2)
efrontlearning/efront
n/a/n/a
Published Jun 11, 2014
Tracked Since Feb 18, 2026