CVE 2020-6171 – Cross-Site Scripting in CLink Office v2

DeepCode discovered a Cross-Site Scripting (XSS) vulnerability in CLink Office via parameter injection. As of 18 January 2020, a simple Google search returned 2,500 web servers using the application, mostly in Hong Kong.