CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-21147

RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.1%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

https://blog.csdn.net/adminxw/article/details/102881463
https://github.com/alixiaowei/alixiaowei.github.io/issues/2
https://blog.csdn.net/adminxw/article/details/102881463
https://github.com/alixiaowei/alixiaowei.github.io/issues/2

Products affected by CVE-2020-21147

Rockoa » Rockoa » Version: 1.9.8

cpe:2.3:a:rockoa:rockoa:1.9.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-21147

Products

Pricing

Contact Us