XSS in Fengoffice Feng_office
CVE-2013-5744
Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.010 (57.1th percentile) — read the EPSS interpretation.
Affected products
- Fengoffice Feng_office — versions 1.6.2, 1.7, 1.7.1
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (mailing-list, Exploit, x_refsource_BUGTRAQ)