Vulnerabilities > Rockoa > Rockoa > 1.9.8

DATE CVE VULNERABILITY TITLE RISK
2023-12-13 CVE-2023-49363 SQL Injection vulnerability in Rockoa
Rockoa <2.3.3 is vulnerable to SQL Injection.
network
low complexity
rockoa CWE-89
critical
 9.8
9.8
2021-12-22 CVE-2020-20593 Cross-Site Request Forgery (CSRF) vulnerability in Rockoa 1.9.8
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.
network
rockoa CWE-352
6.0
6.0
2021-01-26 CVE-2020-21147 Cross-site Scripting vulnerability in Rockoa 1.9.8
RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering.
network
rockoa CWE-79
3.5
3.5