CVE-2020-35388 — CVSS 7.5 (high): rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool…
CVE-2024-57151 — CVSS 6.8 (medium): SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the…
CVE-2024-7327 — CVSS 6.3 (medium): A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file…
CVE-2024-37624 — CVSS 6.1 (medium): Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php…
CVE-2024-37623 — CVSS 6.1 (medium): Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /kaoqin/tpl_kaoqin_locationchange…
CVE-2024-37622 — CVSS 6.1 (medium): Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at /flow/flow.php.