eFront 3.6.14.4 – ‘surname’ Persistent Cross-Site Scripting

  • Author: shyamkumar somana
    Date: 2014-06-09
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/33697/
  • # Exploit Title: Persistent Cross Site Scripting Vulnerability in eFront 3.6.14.4
    # Date: 05 June 2014
    # Exploit Author: shyamkumar somana
    # Vendor Homepage: http://www.efrontlearning.net
    # Software Link: https://sourceforge.net/projects/efrontlearning/files/latest/download
    # Version: 3.6.14.4
    # Tested on: Windows 7
    
    #################################################
    eFront 3.6.14.4 is vulnerable to persistent cross-site scripting.
    The vulnerability affects the 'surname' parameter (Last Name field) when
    updating the account details.
    
    The vendor has supplied a workaround for the vulnerability, which can be
    found at
    
    https://github.com/epignosis/efront_open_source/issues/5
    
    #################################################
    Greetz : oldmanlab, Jinen Patel