CVE-2020-6171

MEDIUM NUCLEI

CLink Office 2.0 - XSS

Title source: llm

Description

A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management console allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

Nuclei Templates (1)

CLink Office 2.0 - Cross-Site Scripting

MEDIUMby pikpikcu

References (1)

[Exploit, Third Party Advisory] https://www.deepcode.ca/index.php/2020/04/07/cve-2020-xss-in-clink-office-v2/

Scores

CVSS v3 6.1

EPSS 0.1240

EPSS Percentile 93.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

communilink/clink_office 2.0

Published Apr 07, 2020

Tracked Since Feb 18, 2026