📦 Xinhu

by Rockoa

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2023-48930

CRITICAL CVSS 9.8 Dec 6, 2023

CVE-2023-48930 is an unrestricted file upload vulnerability in Xinhu OA 2.2.1 that allows attackers to upload malicious files to the server. This affects all organizations using the vulnerable version...

CVE-2024-57151

MEDIUM CVSS 6.8 Mar 18, 2025

This SQL injection vulnerability in rainrocka xinhu allows remote attackers to execute arbitrary SQL commands via the inputAction.php file's saveAjax function. Attackers can potentially read, modify, ...

CVE-2024-48213

MEDIUM CVSS 4.3 Oct 23, 2024

RockOA v2.6.5 contains a directory traversal vulnerability in the beifenAction.php file that allows attackers to read arbitrary files on the server by manipulating file paths. This affects all systems...

CVE-2024-7327

MEDIUM CVSS 6.3 Jul 31, 2024

This critical SQL injection vulnerability in Xinhu RockOA allows remote attackers to execute arbitrary SQL commands by manipulating the nickName parameter in the dataAction function. This affects all ...

CVE-2024-37623

MEDIUM CVSS 6.1 Jun 17, 2024

Xinhu RockOA v2.6.3 contains a reflected cross-site scripting (XSS) vulnerability in the /kaoqin/tpl_kaoqin_locationchange.html component. This allows attackers to inject malicious scripts that execut...