NotCVE - vendor:"Rockoa" product:"Rockoa" version:"1.9.8"

4 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-49363

https://notcve.org/view.php?id=CVE-2023-49363

Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php. Rockoa en versiones < 2.3.3 es vulnerable a la inyección SQL. El problema existe en el método indexAction en reimpAction.php. • https://github.com/wednesdaygogo/Vulnerability-recurrence/blob/main/rockoa%20less%20than%202.3.3%20sql%20injection%20vulnerability.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2023-5296 – Xinhu RockOA Password password recovery

https://notcve.org/view.php?id=CVE-2023-5296

A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. • https://github.com/magicwave18/vuldb/issues/1 https://vuldb.com/?ctiid.240926 https://vuldb.com/?id.240926 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-20593

https://notcve.org/view.php?id=CVE-2020-20593

A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Rockoa versión v1.9.8, permite a un atacante autenticado añadir arbitrariamente una cuenta de administrador • http://www.rockoa.com/view_demo.html https://github.com/alixiaowei/alixiaowei.github.io/issues/1 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2020-21147

https://notcve.org/view.php?id=CVE-2020-21147

RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering. RockOA versión V1.9.8, está afectado por una vulnerabilidad de tipo cross-site scripting (XSS) que permite a atacantes remotos enviar código malicioso al administrador y ejecutar código JavaScript, porque el archivo webmain/flow/input/mode_emailmAction.php no lleva a cabo un filtrado estricto • https://blog.csdn.net/adminxw/article/details/102881463 https://github.com/alixiaowei/alixiaowei.github.io/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •