Efrontlearning : Security Vulnerabilities, CVEs, (XSS)

CVE-2014-4033

Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.
Max CVSS
4.3
EPSS Score
1.43%
Published
2014-06-11
Updated
2014-06-12

CVE-2013-7194

Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.
Max CVSS
3.5
EPSS Score
0.12%
Published
2013-12-21
Updated
2017-08-29

CVE-2012-4270

Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message.
Max CVSS
3.5
EPSS Score
0.09%
Published
2012-08-13
Updated
2017-08-29

CVE-2012-1048

Cross-site scripting (XSS) vulnerability in communityplusplus/www/administrator.php in eFront Community++ edition 3.6.10, and possibly other editions, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
Max CVSS
4.3
EPSS Score
0.20%
Published
2012-02-12
Updated
2017-08-29
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close