CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37623
https://notcve.org/view.php?id=CVE-2024-37623
17 Jun 2024 — Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /kaoqin/tpl_kaoqin_locationchange.html component. Se descubrió que Xinhu RockOA v2.6.3 contiene una vulnerabilidad de cross site scripting (XSS) reflejado a través del componente /kaoqin/tpl_kaoqin_locationchange.html. • https://github.com/rainrocka/xinhu/issues/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48930
https://notcve.org/view.php?id=CVE-2023-48930
06 Dec 2023 — xinhu xinhuoa 2.2.1 contains a File upload vulnerability. xinhu xinhuoa 2.2.1 contiene una vulnerabilidad de carga de archivos. • https://gist.github.com/Maverickfir/b8113bdb51ec66e454ffa5b50674c446 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45041
https://notcve.org/view.php?id=CVE-2022-45041
19 Dec 2022 — SQL Injection exits in xinhu < 2.5.0 La inyección SQL sale en xinhu < 2.5.0 • https://github.com/N1k0la-T/somefiles/blob/main/sqli.py • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2020-35388
https://notcve.org/view.php?id=CVE-2020-35388
26 Dec 2020 — rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true. rainrocka xinhu versión 2.1.9, permite a atacantes remotos obtener información confidencial por medio de una petición a index.php?a=gettotal en la que el valor de ajaxbool es manipulado para que sea verdadero • https://github.com/xuechengen/xinhu-oa/blob/main/README.md •