2 matches found
CVE-2013-7194
CVE-2013-7194 describes multiple XSS vulnerabilities in the eFront 3.6.14 (build 18012) software, specifically in www/administrator.php. The underlying issue allows remote authenticated administrators to inject arbitrary web script or HTML via one of three fields: Last name, Lesson name, or Cours...
CVE-2012-4270
CVE-2012-4270 describes a Cross-site scripting (XSS) vulnerability in eFront 3.6.11 where remote authenticated users can inject arbitrary script/HTML via the subject field of a message. The NVD entry lists a low base score (CVSSv2 3.5) with network access and user interaction not required, but au...