EFront Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

eFront is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user- supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. eFront 3.6.10 build 11944 is vulnerable other versions may also be affected.

Solution

Updates are available. Please see the references for details.

References

http://www.efrontlearning.net/
http://www.securityfocus.com/archive/1/520351
http://www.securityfocus.com/bid/50469

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat Multiple Vulnerabilities June-09
Adobe ColdFusion HTTP Response Splitting Vulnerability
Apache Tomcat Directory Listing and File disclosure
7Media Web Solutions EduTrac Directory Traversal Vulnerability
Apache Struts Directory Traversal Vulnerability

eFront Multiple Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities