Vulnerabilities > Efrontlearning > Efront > Low

DATE CVE VULNERABILITY TITLE RISK
2013-12-21 CVE-2013-7194 Cross-Site Scripting vulnerability in Efrontlearning Efront 3.6.14
Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.
3.5
2012-08-13 CVE-2012-4270 Cross-Site Scripting vulnerability in Efrontlearning Efront 3.6.11
Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message.
3.5