Vulnerabilities > Rockoa

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-26	CVE-2020-21147	Cross-site Scripting vulnerability in Rockoa 1.9.8 RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering. network rockoa CWE-79	3.5
2020-12-26	CVE-2020-35388	Unspecified vulnerability in Rockoa Xinhu 2.1.9 rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true. network low complexity rockoa	5.0
2019-06-28	CVE-2019-9846	SQL Injection vulnerability in Rockoa RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection. network low complexity rockoa CWE-89	4.0

Vulnerabilities > Rockoa {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Rockoa"}]}