Skip to main content

Feng Office

4 CVEs product

Monthly

CVE-2024-6039 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Microsoft Feng Office
NVD VulDB Exploit-DB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2019-9623 CRITICAL POC Act Now

Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Microsoft RCE Feng Office
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
8.1%
CVE-2014-5343 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Feng Office
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5744 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Microsoft XSS Feng Office
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Microsoft Feng Office
NVD VulDB Exploit-DB
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Microsoft +2
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Feng Office
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Microsoft XSS Feng Office
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy