Vulnerabilities

CVE-2025-63737

by Fred · 09/12/2025

Cross-site scripting (XSS) vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m parameter to the task.php endpoint.

More information : https://github.com/rainrocka/xinhu/issues/10

Similar

Tags: Cybersecurity Alert