PT-2026-1275 · Xinhu Rainrock · Rockoa
Blackspdier
·
Publicado
2026-01-05
·
Atualizado
2026-01-05
·
CVE-2026-0588
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Xinhu Rainrock RockOA versions up to 2.7.1
Description
A security issue exists in Xinhu Rainrock RockOA. The issue involves cross site scripting, potentially allowing remote attacks. The issue is related to the manipulation of the
callback argument within an unknown functionality of the rockfun.php file in the API component. The exploit for this issue has been publicly released. The vendor was notified but did not respond.Recommendations
Versions prior to 2.7.1 should be updated.
Exploit
Correção
Code Injection
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Rockoa