CVE-2026-0587
Cross-Site Scripting in Xinhu Rainrock RockOA Cover Image Handler
Publication date: 2026-01-05
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xinhu | rockoa | up to 2.7.1 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0587 is a Stored Cross-Site Scripting (XSS) vulnerability in Xinhu Rainrock RockOA up to version 2.7.1. It occurs in the file rock_page_gong.php within the Cover Image Handler component. The vulnerability arises because the 'fengmian' parameter, which is user-controllable, is not properly sanitized before being included in the web page output. This allows an attacker to inject malicious JavaScript code that executes in the browsers of users who view the affected page, potentially compromising data integrity and security. [1, 2]
How can this vulnerability impact me?
This vulnerability can allow remote attackers to execute malicious JavaScript in the context of the affected web application. Exploitation can lead to session hijacking, unauthorized actions performed on behalf of users, or execution of arbitrary malicious code. Since the attack is stored, any user viewing the affected page may be impacted. The exploit is easy to perform and requires some user interaction, making it a practical threat. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by searching for instances of the vulnerable file rock_page_gong.php being accessed with the 'fengmian' parameter. One method is to use Google dorking with the query 'inurl:rock_page_gong.php' to identify potentially vulnerable targets. Additionally, monitoring HTTP requests for POST submissions containing the 'fengmian' parameter with suspicious payloads (e.g., JavaScript event handlers like onerror) can help detect exploitation attempts. For example, using network monitoring tools or web server logs, you can grep for requests containing 'fengmian' or suspicious script injections. [1, 2]

Example command to search web server logs:

    grep -i 'fengmian' /var/log/apache2/access.log
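An added example, not part of the original page or of the RockOA code base: default web server access logs record the request line but not POST bodies, so this Python check inspects captured form-encoded bodies for the markers described above, including values that were percent-encoded twice. It assumes the value arrives as a form field named fengmian and that a legitimate cover-image value is a plain path or URL; the function names and sample bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Assumption: a legitimate cover-image value is a path or URL, so it never
# needs quotes, angle brackets or backticks.
MARKUP = re.compile(r"[<>\"'`]")
# Inline event-handler attribute such as onerror= or onload=.
HANDLER = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded input is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def fengmian_findings(body):
    """Return the reasons the 'fengmian' values in a form body look unsafe."""
    reasons = []
    for raw in parse_qs(body, keep_blank_values=True).get("fengmian", []):
        value = fully_decode(raw)
        if MARKUP.search(value):
            reasons.append("markup or quote character")
        if HANDLER.search(value):
            reasons.append("inline event handler")
    return reasons

def scan(requests):
    """Map request id -> reasons for every flagged (id, body) pair."""
    found = ((req_id, fengmian_findings(body)) for req_id, body in requests)
    return {req_id: reasons for req_id, reasons in found if reasons}

# Constructed sample bodies, not taken from real traffic.
SAMPLES = [
    ("req-1", "title=Notice&fengmian=upload%2F2026%2Fcover.png"),
    ("req-2", "title=Notice&fengmian=x.png%22+onerror%3D%22alert(1)"),
    ("req-3", "fengmian=x.png%2520onerror%253Dalert(1)"),
    ("req-4", "title=a+%3Cb%3E+tag&fengmian=cover.jpg"),
]

if __name__ == "__main__":
    for req_id, reasons in scan(SAMPLES).items():
        print(req_id, "->", ", ".join(reasons))
```

Only the fengmian field is inspected, so markup in other fields (req-4) is not reported; the same checks can be applied as an allow-list on input until a fix is available.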
What immediate steps should I take to mitigate this vulnerability?
Currently, there are no known mitigations or countermeasures available from the vendor. The recommended immediate step is to replace the vulnerable Xinhu Rainrock RockOA product with an alternative solution. Additionally, as a temporary measure, you can implement web application firewall (WAF) rules to filter and block requests containing suspicious 'fengmian' parameter values that include script injections. Monitoring and restricting user input to the 'fengmian' parameter can also reduce risk until a patch or update is available. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not specify how this cross-site scripting vulnerability in Xinhu Rainrock RockOA affects compliance with common standards and regulations such as GDPR or HIPAA.