23 lines
794 B
Text
Executable file
23 lines
794 B
Text
Executable file
?# Exploit Title: Persistent Cross Site Scripting Vulnerability in eFront
|
|
3.6.14.4
|
|
# Date: 05 June 2014
|
|
# Exploit Author: shyamkumar somana
|
|
# Vendor Homepage: http://www.efrontlearning.net
|
|
# Software Link:
|
|
https://sourceforge.net/projects/efrontlearning/files/latest/download
|
|
# Version: 3.6.14.4
|
|
# Tested on: Windows 7
|
|
|
|
#################################################
|
|
eFront 3.6.14.4 is vulnerable for a Persistent Cross Site Scripting
|
|
Vulnerability.
|
|
The vulnerability affects 'surname' parameter(Last Name Field) while
|
|
updating the account details.
|
|
|
|
Vendor has supplied a workaround for the vulnerability which can be found
|
|
at
|
|
|
|
https://github.com/epignosis/efront_open_source/issues/5
|
|
|
|
#################################################
|
|
Greetz : oldmanlab, Jinen Patel
|