Arbitrary Code Injection Vulnerability in CLink Office 2.0 Management Console
CVE-2020-6171 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management console allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Learn more about our Cis Benchmark Audit For Microsoft Office.