Skip to content

CVE-2014-4033

Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.

View on NVD

Severity

N/A

EPSS

Probability of exploitation (next 30 days): 0.0216 (2.2%)
Percentile: 84.4%
EPSS: 2026-05-06

Affects

efrontlearning:efront

Technical description

Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.

Published: 6/11/2014, 2:55:09 PM
Last modified: 5/6/2026, 10:30:45 PM

References

HomeEventsBlogResourcesTeam