EFront Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

eFront is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user- supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. eFront 3.6.10 build 11944 is vulnerable other versions may also be affected.

Solution

Updates are available. Please see the references for details.

References

http://www.efrontlearning.net/
http://www.securityfocus.com/archive/1/520351
http://www.securityfocus.com/bid/50469

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability

eFront Multiple Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities