CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-37624
https://notcve.org/view.php?id=CVE-2024-37624
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. component. Se descubrió que Xinhu RockOA v2.6.3 contenía una vulnerabilidad de cross site scripting (XSS) reflejado a través de /chajian/inputChajian.php. componente. • https://github.com/rainrocka/xinhu/issues/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49363
https://notcve.org/view.php?id=CVE-2023-49363
Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php. Rockoa en versiones < 2.3.3 es vulnerable a la inyección SQL. El problema existe en el método indexAction en reimpAction.php. • https://github.com/wednesdaygogo/Vulnerability-recurrence/blob/main/rockoa%20less%20than%202.3.3%20sql%20injection%20vulnerability.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5297 – Xinhu RockOA start backup
https://notcve.org/view.php?id=CVE-2023-5297
A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. • https://github.com/magicwave18/vuldb/issues/2 https://vuldb.com/?ctiid.240927 https://vuldb.com/?id.240927 • CWE-530: Exposure of Backup File to an Unauthorized Control Sphere CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-5296 – Xinhu RockOA Password password recovery
https://notcve.org/view.php?id=CVE-2023-5296
A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. • https://github.com/magicwave18/vuldb/issues/1 https://vuldb.com/?ctiid.240926 https://vuldb.com/?id.240926 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1773 – Rockoa Configuration File webmainConfig.php code injection
https://notcve.org/view.php?id=CVE-2023-1773
A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. • https://gitee.com/galaxies2580/cve/blob/master/xinhuv2.3.2.md https://vuldb.com/?ctiid.224674 https://vuldb.com/?id.224674 • CWE-94: Improper Control of Generation of Code ('Code Injection') •