Vulnerabilities > Rockoa
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-26 | CVE-2020-21147 | Cross-site Scripting vulnerability in Rockoa 1.9.8 RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering. | 3.5 |
2020-12-26 | CVE-2020-35388 | Unspecified vulnerability in Rockoa Xinhu 2.1.9 rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true. | 5.0 |
2019-06-28 | CVE-2019-9846 | SQL Injection vulnerability in Rockoa RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection. | 4.0 |