eFront Learning 3.6.11 Cross Site Scripting

Posted on 27 February 2015

# Affected software: efrontlearning # Type of vulnerability: stored xss # URL: http://demo.efrontlearning.net/ # Discovered by: Provensec # Website: http://www.provensec.com # Description: Open Source e-Learning # Proof of concept #version:eFront 3.6.11 goto addd new category http://demo.efrontlearning.net/enterprise/www/administrator.php?ctg=directions and add new with xss payload "><img src=d onerror=confirm(1);> and save it payload will execute #screen:http://prntscr.com/69zhge

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Apache Solr Backup/Restore API Remote Code Execution
Nginx 1.25.5 Host Header Validation
Relate Learning And Teaching System SSTI / Remote Code Execution
Flowise 1.6.5 Authentication Bypass
WordPress Background Image Cropper 1.2 Shell Upload

Last 20