PT-2024-37977 · Unknown · Xinhu Rockoa
Jiashenghe · Published 2024-07-21 · Updated 2024-09-20 · CVE-2024-6939
CVSS v3.1: 6.1 (Medium)
| Metric | Value |
| --- | --- |
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Xinhu RockOA version 2.6.3
Description
A vulnerability was found in the function okla of the file /webmain/public/upload/tpl_upload.html. Manipulation of the callback argument leads to cross-site scripting. The attack may be launched remotely.
Recommendations
For Xinhu RockOA version 2.6.3, consider disabling the okla function in the /webmain/public/upload/tpl_upload.html file until a patch is available. Restrict access to the callback argument to minimize the risk of exploitation.
Weakness Enumeration
Related Identifiers
Affected Products
Xinhu Rockoa