PT-2021-10599 · Rockoa · Rockoa

Published: 2021-01-21 · Updated: 2021-01-30 · CVE-2020-21147

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: RockOA version 1.9.8
Description: The issue allows remote attackers to deliver malicious code to the administrator and execute JavaScript code in the administrator's browser, due to insufficient filtering in the webmain/flow/input/mode emailmAction.php file. This enables cross-site scripting (XSS) attacks.
Recommendations: For RockOA version 1.9.8, consider disabling access to the mode emailmAction.php file in the webmain/flow/input directory until a patch is available, to prevent exploitation of the XSS vulnerability. Enforce strict input validation to minimize the risk of malicious code execution.


Related Identifiers: CVE-2020-21147

Affected Products: Rockoa