CVE-2014-4033
eFront 3.6.14.4 - Cross-Site Scripting via Surname Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2014-4033. PoCs published by shyamkumar somana.
AI-analyzed exploit summary This is a writeup describing a persistent XSS vulnerability in eFront 3.6.14.4 affecting the 'surname' parameter during account updates. No exploit code is provided, only a description and vendor workaround reference.
Description
Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.
Exploits (1)
This is a writeup describing a persistent XSS vulnerability in eFront 3.6.14.4 affecting the 'surname' parameter during account updates. No exploit code is provided, only a description and vendor workaround reference.