Vendor: eFront
By: shyamkumar somana
CVSS: 8,8 HIGH
Persistent Cross Site Scripting
CWE: 79
Product Name: eFront
Affected Version From: 3.6.14.4
Affected Version To: 3.6.14.4
Patch Exists: YES
Related CWE: N/A
CPE: efrontlearning.net
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2014
Persistent Cross Site Scripting Vulnerability in eFront 3.6.14.4
eFront 3.6.14.4 is vulnerable to a persistent cross-site scripting vulnerability. The vulnerability affects the 'surname' parameter (Last Name field) when account details are updated.
Mitigation:
The vendor has supplied a workaround for the vulnerability, which can be found at https://github.com/epignosis/efront_open_source/issues/5