Vulnerabilities > Rockoa > Rockoa > 1.9.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-13 | CVE-2023-49363 | SQL Injection vulnerability in Rockoa Rockoa <2.3.3 is vulnerable to SQL Injection. | 9.8 |
2021-12-22 | CVE-2020-20593 | Cross-Site Request Forgery (CSRF) vulnerability in Rockoa 1.9.8 A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account. | 6.0 |
2021-01-26 | CVE-2020-21147 | Cross-site Scripting vulnerability in Rockoa 1.9.8 RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering. | 3.5 |