Cross-Site Scripting Vulnerability in RockOA Web Application by Alixiaowei
CVE-2020-21147

4.8 MEDIUM

Key Information:

Vendor

Rockoa

Status
Vendor
CVE Published: 26 January 2021

What is CVE-2020-21147?

RockOA version 1.9.8 is susceptible to a cross-site scripting vulnerability that enables remote attackers to inject malicious JavaScript code that executes in the administrator's browser. The flaw arises from inadequate input validation in the webmain/flow/input/mode_emailmAction.php file, allowing attackers to exploit the system and potentially gain unauthorized access to sensitive administrator functions.

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
