Vulnerabilities > Efrontlearning > Efront > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-12-21 | CVE-2013-7194 | Cross-Site Scripting vulnerability in Efrontlearning Efront 3.6.14 Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field. | 3.5 |
2012-08-13 | CVE-2012-4270 | Cross-Site Scripting vulnerability in Efrontlearning Efront 3.6.11 Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message. | 3.5 |