214 matches found
CVE-2026-0588
A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. The exploit h...
CVE-2026-0587
A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rockpagegong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The attack can be launched remotely. The exploit...
CVE-2026-0588
A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. The exploit h...
CVE-2026-0588
A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. The exploit h...
EUVD-2026-0861
A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. The exploit h...
CVE-2026-0588 Xinhu Rainrock RockOA API rockfun.php cross site scripting
A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. The exploit h...
CVE-2026-0588 Xinhu Rainrock RockOA API rockfun.php cross site scripting
A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. The exploit h...
CVE-2026-0588
CVE-2026-0588 affects Xinhu Rainrock RockOA up to 2.7.1. The vulnerability lies in rockfun.php (API component); manipulating the callback argument enables cross-site scripting. Exploitation can be attempted remotely, and the public exploit is available. Multiple sources confirm the issue and note...
CVE-2026-0587
A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rockpagegong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The attack can be launched remotely. The exploit...
CVE-2026-0587
A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rockpagegong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The attack can be launched remotely. The exploit...
CVE-2026-0587 Xinhu Rainrock RockOA Cover Image rock_page_gong.php cross site scripting
A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rockpagegong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The attack can be launched remotely. The exploit...
EUVD-2026-0860
A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rockpagegong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The attack can be launched remotely. The exploit...
CVE-2026-0587 Xinhu Rainrock RockOA Cover Image rock_page_gong.php cross site scripting
A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rockpagegong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The attack can be launched remotely. The exploit...
CVE-2026-0587
CVE-2026-0587 affects Xinhu Rainrock RockOA up to 2.7.1. The vulnerability is a cross-site scripting in the Cover Image Handler, file rock_page_gong.php, via tampering of the fengmian parameter. It can be exploited remotely; the public exploit is available and the vendor did not respond. Remediat...
PT-2026-1274
Name of the Vulnerable Software and Affected Versions Xinhu Rainrock RockOA versions up to 2.7.1 Description A security flaw exists in Xinhu Rainrock RockOA up to version 2.7.1. The issue is related to cross site scripting within the Cover Image Handler component, specifically in the file rock pa...
Xinhu Rainrock RockOA 安全漏洞
Xinhu Rainrock RockOA is an office automation system from China Xinhu. A security vulnerability exists in Xinhu Rainrock RockOA 2.7.1 and earlier versions, which originates from the incorrect operation of the parameter fengmian in the file rockpagegong.php, and could lead to a cross-site scriptin...
CVE-2025-63742
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...
CVE-2025-63738
An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php...
CVE-2025-63739
An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint...
CVE-2025-63737
Cross-site scripting XSS vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m parameter to the task.php endpoint...