Plattform
php
Komponente
rainrock-rockoa
Behoben in
2.7.1
2.7.2
CVE-2026-0587 describes a cross-site scripting (XSS) vulnerability discovered in Rainrock RockOA versions 2.7.0 through 2.7.1. This flaw allows attackers to inject malicious scripts into the application via manipulation of the 'fengmian' argument within the Cover Image Handler (rockpagegong.php). Successful exploitation can lead to session hijacking and other malicious actions. A public exploit is available, indicating an elevated risk of active attacks.
The primary impact of CVE-2026-0587 is the potential for cross-site scripting (XSS) attacks. An attacker could craft a malicious URL or inject script tags through the 'fengmian' parameter, which, when accessed by a user, would execute the attacker's script within the user's browser context. This could lead to session hijacking, where the attacker steals the user's session cookie and gains unauthorized access to their account. Furthermore, the attacker could deface the website, redirect users to malicious sites, or steal sensitive information entered into web forms. The availability of a public exploit significantly increases the likelihood of exploitation, particularly against unpatched installations.
CVE-2026-0587 has a LOW CVSS score, but the availability of a public proof-of-concept (POC) significantly increases its exploitability. The vulnerability was publicly disclosed on 2026-01-05. The vendor, Rainrock, was contacted but did not respond. Given the public exploit and lack of vendor response, this vulnerability should be prioritized for remediation.
Organizations using Rainrock RockOA versions 2.7.0 through 2.7.1, particularly those with publicly accessible instances, are at risk. Shared hosting environments where RockOA is installed are especially vulnerable due to the potential for cross-tenant exploitation.
• php / web:
grep -r 'fengmian' /var/www/rockoa/ -l• php / web:
find /var/www/rockoa/ -name 'rock_page_gong.php' -print• generic web:
curl -I http://your-rockoa-site.com/rock_page_gong.php?fengmian=<script>alert(1)</script>disclosure
Exploit-Status
EPSS
0.03% (9% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2026-0587 is to upgrade Rainrock RockOA to a patched version. As of this writing, a specific patched version is not provided. Until a patch is available, consider implementing input validation and sanitization on the 'fengmian' parameter within the rockpagegong.php file. Web application firewalls (WAFs) configured to detect and block XSS payloads targeting this specific file and parameter can provide an additional layer of defense. Regularly monitor web server access logs for suspicious requests containing unusual characters or patterns in the 'fengmian' parameter.
Actualice Xinhu Rainrock RockOA a una versión posterior a 2.7.1. Si no es posible actualizar, revise y filtre las entradas del parámetro 'fengmian' en el archivo rock_page_gong.php para evitar la ejecución de código XSS.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-0587 is a cross-site scripting (XSS) vulnerability in Rainrock RockOA versions 2.7.0-2.7.1, allowing attackers to inject malicious scripts via the 'fengmian' parameter.
You are affected if you are using Rainrock RockOA versions 2.7.0 or 2.7.1 and have not upgraded to a patched version.
Upgrade to a patched version of Rainrock RockOA. As a temporary workaround, implement input validation and sanitization on the 'fengmian' parameter.
A public exploit exists, indicating a high probability of active exploitation, especially against unpatched systems.
As of this writing, Rainrock has not released an official advisory. Monitor their website and security mailing lists for updates.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.