rockoa
29 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-0588
<= 2.7.1
A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of
3.5
LOW
CVE-2026-0587
<= 2.7.1
A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_go
3.5
LOW
CVE-2025-63742
all versions
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allo
9.8
CRITICAL
CVE-2025-63740
all versions
SQL Injection vulnerability in function getselectdataAjax in file inputAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attacker
4.3
MEDIUM
CVE-2025-63739
all versions
An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0
4.3
MEDIUM
CVE-2025-63738
all versions
An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpi
4.3
MEDIUM
CVE-2025-63737
all versions
Cross-site scripting (XSS) vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows rem
6.1
MEDIUM
CVE-2025-9602
<= 2.6.9
A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing
6.3
MEDIUM
CVE-2024-57151
<= 2.6.5
SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the input
6.8
MEDIUM
CVE-2024-48213
all versions
RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php.
4.3
MEDIUM
CVE-2024-7327
all versions
A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the
6.3
MEDIUM
CVE-2024-6939
all versions
A vulnerability was found in Xinhu RockOA 2.6.3 and classified as problematic. Affected by this issue is the function okla of the
3.5
LOW
CVE-2024-37624
all versions
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.p
6.1
MEDIUM
CVE-2024-37623
all versions
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /kaoqin/tpl_kaoqin_loca
6.1
MEDIUM
CVE-2024-37622
all versions
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at /flow/
6.1
MEDIUM
CVE-2023-49363
< 2.3.3
Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php.
9.8
CRITICAL
CVE-2023-48930
all versions
xinhu xinhuoa 2.2.1 contains a File upload vulnerability.
9.8
CRITICAL
CVE-2023-5297
all versions
A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the fil
3.7
LOW
CVE-2023-5296
all versions
A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknow
4.3
MEDIUM
CVE-2023-1773
all versions
A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file w
6.3
MEDIUM
CVE-2023-1501
all versions
A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file aclo
6.3
MEDIUM
CVE-2022-45041
< 2.5.0
SQL Injection exists in xinhu < 2.5.0
7.5
HIGH
CVE-2020-20593
all versions
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.
8.0
HIGH
CVE-2020-18716
all versions
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
9.8
CRITICAL
CVE-2020-18714
all versions
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's
9.8
CRITICAL
CVE-2020-18713
all versions
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.p
9.8
CRITICAL
CVE-2020-21147
all versions
RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to th
4.8
MEDIUM
CVE-2020-35388
all versions
rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the aja
7.5
HIGH
CVE-2019-9846
< 1.8.7
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method
8.8
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin