4 matches found
EUVD-2025-202294
Cross-site scripting (XSS) vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m parameter to the task.php endpoint...
CVE-2025-63737
Xinhu Rainrock RockOA 2.7.0 is affected by a Cross-site Scripting (XSS) vulnerability in the urltestAction function of cliAction.php. The issue allows remote attackers to inject arbitrary web scripts or HTML via the m parameter to the /task.php endpoint. The attack surface is the RockOA 2.7.0 dep...
PT-2025-50096
Name of the Vulnerable Software and Affected Versions: Xinhu Rainrock RockOA version 2.7.0. Description: A cross-site scripting (XSS) issue exists in the urltestAction function within the cliAction.php file. This allows attackers to inject arbitrary web scripts or HTML code through the m parameter of...
PT-2024-20829
Name of the Vulnerable Software and Affected Versions: Task Manager App version 1.0. Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter in the "/TaskManager/Task.php" API endpoint...