Summary
This host is installed with Feng Office and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials.
Impact Level: Application
Solution
Upgrade to Feng Office 2.5-beta or later.
For updates refer to http://www.fengoffice.com
Insight
An error exists in the application, which fails to properly sanitize user-supplied input to the "ref_XXX" parameter before using it.
Affected
Feng Office 2.3.2-rc and earlier
Detection
Send a crafted exploit string via HTTP GET request and check whether it is able to read the string or not.
References
Severity
Classification
- CVE: CVE-2013-5744
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- @Mail 'MailType' Parameter Cross Site Scripting Vulnerability
- Adobe JRun Management Console Multiple Vulnerabilities
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- Apache Struts Directory Traversal Vulnerability