Vulnerabilities > Rockoa > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-48213 Path Traversal vulnerability in Rockoa Xinhu 2.6.5
RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php.
network
low complexity
rockoa CWE-22
4.3
4.3
2024-06-17 CVE-2024-37624 Cross-site Scripting vulnerability in Rockoa Xinhu 2.6.3
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php.
network
low complexity
rockoa CWE-79
6.1
6.1
2021-12-22 CVE-2020-20593 Cross-Site Request Forgery (CSRF) vulnerability in Rockoa 1.9.8
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.
network
rockoa CWE-352
6.0
6.0
2020-12-26 CVE-2020-35388 Unspecified vulnerability in Rockoa Xinhu 2.1.9
rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true.
network
low complexity
rockoa
5.0
5.0
2019-06-28 CVE-2019-9846 SQL Injection vulnerability in Rockoa
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection.
network
low complexity
rockoa CWE-89
4.0
4.0