Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbShyamkumar somanaEDB-ID:33697
HistoryJun 09, 2014 - 12:00 a.m.

eFront 3.6.14.4 - 'surname' Persistent Cross-Site Scripting

2014-06-0900:00:00
shyamkumar somana
www.exploit-db.com
26

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

60.4%

JSON
​# Exploit Title: Persistent Cross Site Scripting Vulnerability in eFront
3.6.14.4
# Date: 05 June 2014
# Exploit Author: shyamkumar somana
# Vendor Homepage: http://www.efrontlearning.net
# Software Link:
https://sourceforge.net/projects/efrontlearning/files/latest/download
# Version: 3.6.14.4
# Tested on: Windows 7

#################################################
eFront 3.6.14.4 is vulnerable for a Persistent Cross Site Scripting
Vulnerability.
The vulnerability affects 'surname' parameter(Last Name Field) while
updating the account details.

Vendor has supplied a workaround for the vulnerability which can be found
at

https://github.com/epignosis/efront_open_source/issues/5

#################################################
Greetz : oldmanlab, Jinen Patel

Related

cvelist 1
cve 1
nvd 1
prion 1
cvelist
cvelist
CVE-2014-4033
2014-06-11 14:00:00
cve
cve
CVE-2014-4033
2014-06-11 14:55:09
nvd
nvd
CVE-2014-4033
2014-06-11 14:55:09
prion
prion
Cross site scripting
2014-06-11 14:55:00

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

60.4%

JSON
Related for EDB-ID:33697
cvelist1cve1nvd1prion1