This host is installed with Feng Office and is prone to cross-site scripting Vulnerability.

Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials. Impact Level: Application

Upgrade to Feng Office 2.5-beta or later. For updates refer to http://www.fengoffice.com

An error exists in the application which fails to properly sanitize user-supplied input to "ref_XXX" parameter before using it

Feng Office 2.3.2-rc and earlier

Send a crafted exploit string via HTTP GET request and check whether it is able to read the string or not.

• http://osvdb.org/97552
• http://packetstormsecurity.com/files/123556
• http://seclists.org/bugtraq/2013/Oct/33
• https://www.htbridge.com/advisory/HTB23174

---

Updated on 2015-03-25