Vulnerability Details CVE-2025-63737
Cross-site scripting (XSS) vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m parameter to the task.php endpoint.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.4%
CVSS Severity
CVSS v3 Score 6.1
References