Cross-Site Scripting Vulnerability in Feng Office by Feng
CVE-2013-5744

Currently unrated

Key Information:

Vendor: Fengoffice
Status: Feng Office
Vendor: CVE Published:; 28 October 2013

What is CVE-2013-5744?

A cross-site scripting (XSS) vulnerability affects Feng Office versions 2.3.2-rc and earlier, allowing remote attackers to inject arbitrary web scripts or HTML through the manipulation of the ref_XXX parameter. Exploiting this flaw can lead to unauthorized actions and data exposure, compromising user security and potentially allowing for further attacks.

References

https://www.htbridge.com/advisory/HTB23174

x_refsource_MISC

http://archives.neohapsis.com/archives/bugtraq/2013-10/00...

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 28, 2013

Fengoffice

What is CVE-2013-5744?

References

Timeline