Xinhu Rainrock RockOA Cross-Site Scripting Vulnerability in Cover Image Handler

A stored cross-site scripting vulnerability has been identified in Xinhu Rainrock RockOA versions through 2.7.1. The issue resides in the rock_page_gong.php file within the Cover Image Handler component. The vulnerability is triggered by manipulating the fengmian parameter, which accepts user input without proper sanitization. This flaw allows attackers to inject malicious scripts that are executed when other users view the affected content. The vulnerability can be exploited remotely, and a public proof-of-concept is available.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected content.

Reproduction

To reproduce this vulnerability, log into a Xinhu Rainrock RockOA application version 2.7.1 or earlier. Navigate to the 'Notice and Announcement' module and add a new notice. In the fengmian (cover image) parameter, insert a payload that exploits the cross-site scripting vulnerability, such as an image URL with an embedded script. Once the notice is saved, the injected script will execute when viewed in the 'Personal Center' reminder section.