Lucene search
+L

125 matches found

Positive Technologies
Positive Technologies
added 2025/06/03 12:0 a.m.4 views

PT-2025-23679 · Unknown · Aaluoxiang Oa System

Name of the Vulnerable Software and Affected Versions: aaluoxiang oa system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5 Description: A problematic vulnerability has been found in aaluoxiang oa system, affecting the image function of the file...

7.5CVSS4.3AI score0.00571EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/05/22 4:56 p.m.9 views

CVE-2020-18019

SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "modeworcAction.php" component...

7.5CVSS7.9AI score0.01519EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/16 12:58 a.m.21 views

CVE-2025-29689

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/16 12:58 a.m.20 views

CVE-2025-29690

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/16 12:58 a.m.20 views

CVE-2025-29691

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java...

6.1CVSS5.8AI score0.00229EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/16 12:57 a.m.21 views

CVE-2025-29688

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/16 12:57 a.m.20 views

CVE-2025-29686

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References1
NVD
NVD
added 2025/05/14 10:15 p.m.18 views

CVE-2025-29691

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java...

6.1CVSS0.00229EPSS
Exploits1References1
OSV
OSV
added 2025/05/14 10:15 p.m.3 views

CVE-2025-29686

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References1
OSV
OSV
added 2025/05/14 10:15 p.m.4 views

CVE-2025-29690

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References1
NVD
NVD
added 2025/05/14 10:15 p.m.15 views

CVE-2025-29689

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...

6.1CVSS0.00228EPSS
Exploits1References1
OSV
OSV
added 2025/05/14 10:15 p.m.3 views

CVE-2025-29688

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References1
OSV
OSV
added 2025/05/14 10:15 p.m.4 views

CVE-2025-29691

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java...

6.1CVSS5.9AI score0.00229EPSS
Exploits1References1
NVD
NVD
added 2025/05/14 10:15 p.m.11 views

CVE-2025-29690

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java...

6.1CVSS0.00228EPSS
Exploits1References1
NVD
NVD
added 2025/05/14 10:15 p.m.10 views

CVE-2025-29688

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...

6.1CVSS0.00228EPSS
Exploits1References1
NVD
NVD
added 2025/05/14 10:15 p.m.14 views

CVE-2025-29686

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...

6.1CVSS0.00228EPSS
Exploits1References1
OSV
OSV
added 2025/05/14 10:15 p.m.6 views

CVE-2025-29689

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/14 12:0 a.m.8 views

CVE-2025-29686

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...

5.6AI score0.00228EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.6 views

oa_system 跨站脚本漏洞

oasystem is a hailey individual developer's application for the daily operation and management of organizations, used by employees and managers. A security vulnerability exists in oasystem versions prior to v2025.01.01, which stems from improperly cleaned inputs for the parameter title in the fil...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References3
CVE
CVE
added 2025/05/14 12:0 a.m.44 views

CVE-2025-29689

CVE-2025-29689 describes an XSS in OA System prior to 2025.01.01. The vulnerability stems from improper input handling of the password parameter in the endpoint “/mail/MailController.java”, allowing execution of arbitrary web scripts/HTML. A fix is available: upgrade OA System to 2025.01.01 or la...

6.1CVSS6AI score0.00228EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder