Xinhu RockOA v2.6.3 Vulnerable to Reflected Cross-Site Scripting (XSS)
CVE-2024-37623

Currently unrated

Key Information:

Vendor: Xinhu

Status
Vendor
CVE Published: 17 June 2024

What is CVE-2024-37623?

Xinhu RockOA version 2.6.3 contains a reflected cross-site scripting (XSS) vulnerability in the /kaoqin/tpl_kaoqin_locationchange.html component. The flaw lets an attacker manipulate input fields to inject arbitrary scripts that execute in the context of a user's browser. This can lead to session hijacking, data theft, or unauthorized actions performed in the affected user's session. The issue underlines the importance of robust input validation and output encoding.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
