Feng Office 'index.php' Cross Site Scripting Vulnerability

Feng Office is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

Attackers can exploit this issue steal cookie-based authentication information, execute arbitrary client-side scripts in the context of the browser, and obtain sensitive information. Other attacks are also possible.

Feng Office 2.3.2-rc is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus