O2OA 代码问题漏洞

O2OA is an open-source enterprise application development platform developed by O2OA. Versions of O2OA 10.0 and earlier contained code vulnerabilities. These vulnerabilities were caused by an operation in the FileAction function during component URL fetching, which led to server-side request...

CVE-2026-2074 O2OA HTTP POST Request check xml external entity reference

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is...

O2OA 代码问题漏洞

O2OA is an open-source enterprise application development platform developed by O2OA. Versions of O2OA 9.0.0 and earlier contained code vulnerabilities due to XML external entity references in the HTTP POST request handler...

CVE-2025-9718

A security flaw has been discovered in O2OA up to 10.0-410. This affects an unknown part of the file /xprocessplatformassembledesigner/jaxrs/process of the component Personal Profile Page. Performing manipulation of the argument name/alias results in cross site scripting. Remote exploitation of t...

CVE-2025-9717

A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xorganizationassemblecontrol/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelNa...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from cross-site scripting due to incorrect manipulation of the parameter name/alias in the file...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from a cross-site scripting attack due to incorrect manipulation of the parameter description/applicationName/queryName in the file...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA version 10.0-410 and earlier, which stems from a cross-site scripting attack due to incorrect manipulation of the parameter description/queryName in the file...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from incorrect manipulation of the parameter name/alias/description/applicationName in the file...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA open source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from a cross-site scripting caused by incorrect manipulation of the parameters name/alias/description in the file...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA open source. A security vulnerability exists in O2OA version 10.0-410 and earlier, which originates from cross-site scripting due to incorrect manipulation of parameters in the file /xcmsassemblecontrol/jaxrs/form...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA open source. A security vulnerability exists in O2OA version 10.0-410 and earlier, which originates from cross-site scripting due to incorrect manipulation of parameters in the file /xprogramcenter/jaxrs/agent...

CVE-2025-9655 O2OA Personal Profile person cross site scripting

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /xorganizationassemblecontrol/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which originates from cross-site scripting due to incorrect operation of the parameter toMonthViewName in the file...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA open source. A security vulnerability exists in O2OA version 9.0.3, which stems from mishandling of the mainOutput function and could lead to remote code execution...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA open source. A security vulnerability exists in O2OA v8.3.8, which stems from the presence of an arbitrary file upload vulnerability that allows an attacker to execute arbitrary code by uploading a crafted PDF file...

O2OA Security Breach

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 8.1.2 and earlier versions, which stems from the presence of a Remote Code Execution RCE vulnerability. The vulnerability can be exploited by an attacker to create a new interface...