​# Exploit Title: Persistent Cross Site Scripting Vulnerability in eFront 3.6.14.4 # Date: 05 June 2014 # Exploit Author: shyamkumar somana # Vendor Homepage: http://www.efrontlearning.net # Software Link: https://sourceforge.net/projects/efrontlearning/files/latest/download # Version: 3.6.14.4 # Tested on: Windows 7 ################################################# eFront 3.6.14.4 is vulnerable for a Persistent Cross Site Scripting Vulnerability. The vulnerability affects 'surname' parameter(Last Name Field) while updating the account details. Vendor has supplied a workaround for the vulnerability which can be found at https://github.com/epignosis/efront_open_source/issues/5 ################################################# Greetz : oldmanlab, Jinen Patel