Arbitrary Code Injection Vulnerability in CLink Office 2.0 Management Console

CVE-2020-6171 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management console allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

Learn more about our Cis Benchmark Audit For Microsoft Office.