131 matches found
CVE-2025-9655 O2OA Personal Profile person cross site scripting
A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /xorganizationassemblecontrol/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched...
O2OA security vulnerability
O2OA is an open-source enterprise application development platform from O2OA. A security vulnerability exists in O2OA 10.0-410 and earlier versions: cross-site scripting caused by improper handling of the parameter name/alias/description in the file...
PT-2025-35226
Name of the Vulnerable Software and Affected Versions: O2OA versions up to 10.0-410. Description: A weakness exists in O2OA up to version 10.0-410, specifically within the Personal Profile Page component. Manipulation of the Description argument in the /xorganizationassemblecontrol/jaxrs/person...
O2OA security vulnerability
O2OA is an open-source enterprise application development platform from O2OA. A security vulnerability exists in O2OA 10.0-410 and earlier versions: cross-site scripting caused by improper handling of the parameter toMonthViewName in the file...
CVE-2024-37777
O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput function...
CVE-2024-37777
Summary: CVE-2024-37777 affects O2OA v9.0.3, with a remote code execution (RCE) vulnerability disclosed in the mainOutput() function. Multiple sources (including Red Hat and PT-Security entries) describe an RCE issue in O2OA 9.0.3 tied to mishandling in mainOutput(), enabling code execution. CVSS...
O2OA security vulnerability
O2OA is an enterprise application development platform from O2OA open source. A security vulnerability exists in O2OA version 9.0.3, which stems from mishandling of the mainOutput function and could lead to remote code execution...
PT-2025-34929 · O2Oa · O2Oa
Name of the Vulnerable Software and Affected Versions: O2OA version 9.0.3. Description: O2OA version 9.0.3 contains a remote code execution (RCE) issue via the mainOutput function. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerabilit...
CVE-2025-22994
O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - Settings...
CVE-2023-47418
Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before allows attackers to create a new interface in the service management function to execute JavaScript...
CVE-2022-22916
O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /xprogramcenter/jaxrs/invoke...
CVE-2024-35591
An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file...
PT-2025-4759 · O2Oa · O2Oa
Name of the Vulnerable Software and Affected Versions: O2OA version 9.1.3. Description: The issue is related to Cross Site Scripting (XSS) in the Meetings - Settings section. This allows for potential malicious script execution. Recommendations: For O2OA version 9.1.3, update to a version that...
CVE-2025-22994
CVE-2025-22994 affects O2OA version 9.1.3, with a Cross Site Scripting (XSS) flaw in the Meetings – Settings area. The available sources confirm the issue but do not provide specifics on the root cause or a verified patch/version that fixes it. The connected documents do not expose a conc...