2 matches found
CVE-2013-5744
Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter.
CVE-2014-5343
Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field.