VUPEN Web Vulnerability Research Team discovered multiple vulnerabilities in eFront. These issues are caused by input validation errors when processing the “remote_theme”, “name”, “system_email”, “password_length”, “math_server”, “site_motto” and “site_name” parameters, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user’s browser in the security context of an affected Web site. Versions prior to 3.6.3 build 7400 are affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/90282/efront-xss.txt
Source: https://packetstormsecurity.com/files/90282/eFront-Cross-Site-Scripting.html