Description

RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross-Site Scripting (XSS) via Social Media links in the user profile.

PUBLISHED Reserved 2026-04-06 | Published 2026-06-03 | Updated 2026-06-03 | Assigner mitre

References

raxis.com/...-xss-in-rock-rms-leads-to-privilege-escalation/ exploit

sparkdevnetwork.com

cve.org (CVE-2026-36748)

nvd.nist.gov (CVE-2026-36748)
