CVE-2024-37624
https://notcve.org/view.php?id=CVE-2024-37624
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php component. • https://github.com/rainrocka/xinhu/issues/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-49363
https://notcve.org/view.php?id=CVE-2023-49363
RockOA versions before 2.3.3 are vulnerable to SQL injection. The problem exists in the indexAction method in reimpAction.php. • https://github.com/wednesdaygogo/Vulnerability-recurrence/blob/main/rockoa%20less%20than%202.3.3%20sql%20injection%20vulnerability.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48930
https://notcve.org/view.php?id=CVE-2023-48930
xinhu xinhuoa 2.2.1 contains a file upload vulnerability. • https://gist.github.com/Maverickfir/b8113bdb51ec66e454ffa5b50674c446 • https://github.com/Maverickfir/Vulnerability-recurrence/blob/main/xinhuOA.md • https://github.com/Maverickfir/xinhuOA2.2.1 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-5297 – Xinhu RockOA start backup
https://notcve.org/view.php?id=CVE-2023-5297
A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of a backup file to an unauthorized control sphere. • https://github.com/magicwave18/vuldb/issues/2 • https://vuldb.com/?ctiid.240927 • https://vuldb.com/?id.240927 • CWE-530: Exposure of Backup File to an Unauthorized Control Sphere • CWE-552: Files or Directories Accessible to External Parties
CVE-2023-5296 – Xinhu RockOA Password password recovery
https://notcve.org/view.php?id=CVE-2023-5296
A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to a weak password recovery mechanism. The attack may be launched remotely. • https://github.com/magicwave18/vuldb/issues/1 • https://vuldb.com/?ctiid.240926 • https://vuldb.com/?id.240926 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password