IQID:12980 HTTP eFront Learning CMS Cross Site Scripting S

IQID: 12980 - April 2016

An application-side input validation web vulnerability has been discovered in eFront eLearning v3.6.15.6 CMS. The vulnerability allows remote attacker to inject own malicious script codes to the application-side of the vulnerable module/function context. The vulnerability is located at the `message attachment file` value of the `file upload` module. Remote attackers are able to inject malicious script codes to the file upload message module POST method request to compromise the `message` module. The attack vector of the vulnerability is located on the application-side of the product and the request method to inject is POST. The execution point is the vulnerable `message` Module. Exploitation of the persistent web vulnerability requires a low privileged web application user account and low user interaction (click or forward).

A Full Description is available for this threat, please sign in for access to Full Description.

 

Attack Data

Attack Data is available for this threat, please sign in for access to Attack Data.

 

CVSS Information

CVSS Information is available for this threat, please sign in for access to CVSS Information.

 

Date

Date Information is available for this threat, please sign in for access to Date Information.