CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6939 – Xinhu RockOA tpl_upload.html okla cross site scripting
https://notcve.org/view.php?id=CVE-2024-6939
21 Jul 2024 — A vulnerability was found in Xinhu RockOA 2.6.3 and classified as problematic. Affected by this issue is the function okla of the file /webmain/public/upload/tpl_upload.html. The manipulation of the argument callback leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/rainrocka/xinhu/issues/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-37624
https://notcve.org/view.php?id=CVE-2024-37624
17 Jun 2024 — Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. component. Se descubrió que Xinhu RockOA v2.6.3 contenía una vulnerabilidad de cross site scripting (XSS) reflejado a través de /chajian/inputChajian.php. componente. • https://github.com/rainrocka/xinhu/issues/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-5296 – Xinhu RockOA Password password recovery
https://notcve.org/view.php?id=CVE-2023-5296
29 Sep 2023 — A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. • https://github.com/magicwave18/vuldb/issues/1 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •