CVE-2026-0587
Unknown Unknown - Not Provided
Cross-Site Scripting in Xinhu Rainrock RockOA Cover Image Handler

Publication date: 2026-01-05

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_gong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-05
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-01-05
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0587
EUVD
EUVD-2026-0860
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
xinhu rockoa to 2.7.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-0587 is a Stored Cross-Site Scripting (XSS) vulnerability in Xinhu Rainrock RockOA up to version 2.7.1. It occurs in the file rock_page_gong.php within the Cover Image Handler component. The vulnerability arises because the 'fengmian' parameter, which is user-controllable, is not properly sanitized before being included in the web page output. This allows an attacker to inject malicious JavaScript code that executes in the browsers of users who view the affected page, potentially compromising data integrity and security. [1, 2]

Impact Analysis

This vulnerability can allow remote attackers to execute malicious JavaScript in the context of the affected web application. Exploitation can lead to session hijacking, unauthorized actions performed on behalf of users, or execution of arbitrary malicious code. Since the attack is stored, any user viewing the affected page may be impacted. The exploit is easy to perform and requires some user interaction, making it a practical threat. [1, 2]

Detection Guidance

This vulnerability can be detected by searching for instances of the vulnerable file rock_page_gong.php being accessed with the 'fengmian' parameter. One method is to use Google dorking with the query 'inurl:rock_page_gong.php' to identify potentially vulnerable targets. Additionally, monitoring HTTP requests for POST submissions containing the 'fengmian' parameter with suspicious payloads (e.g., JavaScript event handlers like onerror) can help detect exploitation attempts. For example, using network monitoring tools or web server logs, you can grep for requests containing 'fengmian' or suspicious script injections. Example command to search web server logs: grep -i 'fengmian' /var/log/apache2/access.log [1, 2]

Mitigation Strategies

Currently, there are no known mitigations or countermeasures available from the vendor. The recommended immediate step is to replace the vulnerable Xinhu Rainrock RockOA product with an alternative solution. Additionally, as a temporary measure, you can implement web application firewall (WAF) rules to filter and block requests containing suspicious 'fengmian' parameter values that include script injections. Monitoring and restricting user input to the 'fengmian' parameter can also reduce risk until a patch or update is available. [1]

Compliance Impact

The provided resources do not specify how this cross-site scripting vulnerability in Xinhu Rainrock RockOA affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0587. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart