Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
efrontlearning efront 3.6.14 |