VYPR

Rainrock RockOA

by Xinhu

CVEs (3)

  • CVE-2026-0587LowJan 5, 2026
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_gong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The attack can be launched…

  • CVE-2025-63742Dec 9, 2025
    risk 0.00cvss epss 0.00

    SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the…

  • CVE-2025-63738Dec 9, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php.