Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php.
Max CVSS
9.8
EPSS Score
15.24%
Published
2019-03-07
Updated
2019-03-07
Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field.
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-08-19
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter.
Max CVSS
4.3
EPSS Score
0.21%
Published
2013-10-28
Updated
2013-10-29
Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files.
Max CVSS
5.0
EPSS Score
0.29%
Published
2011-09-23
Updated
2012-03-12
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!