Lemon OA is an open source office OA system developed by XuHuisheng personal developer using the Java language.Lemon OA version V1.10.0 has a security vulnerability that originates from the potrtalItemName parameter in webPortalController.java. An attacker can use the vulnerability to execute arbitrary web script or HTML.