2 matches found
CVE-2013-7194
CVE-2013-7194 describes multiple XSS vulnerabilities in the eFront 3.6.14 (build 18012) software, specifically in www/administrator.php. The underlying issue allows remote authenticated administrators to inject arbitrary web script or HTML via one of three fields: Last name, Lesson name, or Cours...
CVE-2012-6515
The CVE-2012-6515 entry affects eFront 3.6.10, 3.6.11 build 15059, and earlier. The vulnerability arises in the lesson_info module (index.php) where an invalid courses_ID parameter can cause an error message that reveals the installation path, resulting in partial information disclosure. Multiple...