vfront is a free open source front-end for MySQL or PostgreSQL databases written in PHP and Javascript. vfront version 0.99.5 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via the s parameter in search_all.php and the msg parameter in add.attach.php.
CPE | Name | Operator | Version |
---|---|---|---|
vfront vfront | eq | 0.99.5 |