Platform
php
Component
rainrock-rockoa
Fixed in
2.7.1
2.7.2
CVE-2026-0587 describes a cross-site scripting (XSS) vulnerability discovered in Rainrock RockOA versions 2.7.0 through 2.7.1. This flaw allows attackers to inject malicious scripts into the application via manipulation of the 'fengmian' argument within the Cover Image Handler (rockpagegong.php). Successful exploitation can lead to session hijacking and other malicious actions. A public exploit is available, indicating an elevated risk of active attacks.
The primary impact of CVE-2026-0587 is the potential for cross-site scripting (XSS) attacks. An attacker could craft a malicious URL or inject script tags through the 'fengmian' parameter, which, when accessed by a user, would execute the attacker's script within the user's browser context. This could lead to session hijacking, where the attacker steals the user's session cookie and gains unauthorized access to their account. Furthermore, the attacker could deface the website, redirect users to malicious sites, or steal sensitive information entered into web forms. The availability of a public exploit significantly increases the likelihood of exploitation, particularly against unpatched installations.
CVE-2026-0587 has a LOW CVSS score, but the availability of a public proof-of-concept (POC) significantly increases its exploitability. The vulnerability was publicly disclosed on 2026-01-05. The vendor, Rainrock, was contacted but did not respond. Given the public exploit and lack of vendor response, this vulnerability should be prioritized for remediation.
Exploit Status
EPSS
0.03% (9% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-0587 is to upgrade Rainrock RockOA to a patched version. As of this writing, a specific patched version is not provided. Until a patch is available, consider implementing input validation and sanitization on the 'fengmian' parameter within the rockpagegong.php file. Web application firewalls (WAFs) configured to detect and block XSS payloads targeting this specific file and parameter can provide an additional layer of defense. Regularly monitor web server access logs for suspicious requests containing unusual characters or patterns in the 'fengmian' parameter.
Update Xinhu Rainrock RockOA to a version later than 2.7.1. If updating is not possible, review and filter the inputs of the 'fengmian' parameter in the rock_page_gong.php file to prevent XSS code execution.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-0587 is a cross-site scripting (XSS) vulnerability in Rainrock RockOA versions 2.7.0-2.7.1, allowing attackers to inject malicious scripts via the 'fengmian' parameter.
You are affected if you are using Rainrock RockOA versions 2.7.0 or 2.7.1 and have not upgraded to a patched version.
Upgrade to a patched version of Rainrock RockOA. As a temporary workaround, implement input validation and sanitization on the 'fengmian' parameter.
A public exploit exists, indicating a high probability of active exploitation, especially against unpatched systems.
As of this writing, Rainrock has not released an official advisory. Monitor their website and security mailing lists for updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.