125 matches found
CVE-2025-29688
A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...
PT-2025-21247 · Oa System · Oa System
Name of the Vulnerable Software and Affected Versions: OA System versions prior to 2025.01.01 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at the...
CVE-2025-29688
A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...
PT-2025-21243 · Oa System · Oa System
Name of the Vulnerable Software and Affected Versions: OA System versions prior to 2025.01.01 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at the "/address/AddrController.java"...
CVE-2025-29690
A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java...
CVE-2025-29691
A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java...
CVE-2025-29686
A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...
CVE-2025-29691
A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java...
CVE-2025-29690
A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java...
PT-2025-21244 · Oa System · Oa System
Name of the Vulnerable Software and Affected Versions: OA System versions prior to v2025.01.01 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at the "/login/LoginsController.java" A...
CVE-2025-29689
A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...
CVE-2025-29689
A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...
CVE-2025-29688
CVE-2025-29688 affects OA System prior to version 2025.01.01. It is a cross-site scripting (XSS) vulnerability where a crafted payload injected into the title parameter of the /daymanager/daymanageabilitycontroller.java endpoint allows execution of arbitrary web scripts or HTML. Root cause: insuf...
CVE-2025-29690
OA System is affected by CVE-2025-29690: an XSS vulnerability in versions prior to 2025.01.01 reachable via the outtype parameter in /address/AddrController.java. Root cause: improper handling/escaping of input leads to execution of arbitrary scripts/HTML. Impact per sources is low/medium in CVSS...
CVE-2025-29686
CVE-2025-29686 describes an XSS vulnerability in OA System prior to version 2025.01.01. The issue arises from improper input handling in the title parameter at /inform/InformManageController.java, allowing attackers to inject arbitrary web scripts/HTML. The CVE entry consistently lists the affect...
CVE-2025-29691
CVE-2025-29691 affects OA System prior to v2025.01.01. The vulnerability is a cross-site scripting (XSS) issue in the login flow, triggered by crafting payloads injected into the userName parameter in /login/LoginsController.java. Documented impact is arbitrary web scripts/HTML execution. A patch...
CVE-2025-29689
CVE-2025-29689 describes an XSS in OA System prior to 2025.01.01. The vulnerability stems from improper input handling of the password parameter in the endpoint “/mail/MailController.java”, allowing execution of arbitrary web scripts/HTML. A fix is available: upgrade OA System to 2025.01.01 or la...
oa_system 跨站脚本漏洞
oasystem is a hailey individual developer's application for the day-to-day operation and management of organizations, used by employees and managers. A security vulnerability exists in oasystem versions prior to v2025.01.01, which stems from improperly cleaned input of the parameter password in t...
CVE-2025-3391
A vulnerability has been found in hailey888 oasystem up to 2025.01.01 and classified as problematic. Affected by this vulnerability is the function outAddress of the file cn/gson/oass/controller/address/AddrController. java of the component Backend. The manipulation of the argument outtype leads ...
PT-2025-15311 · Unknown · Hailey888 Oa System
Name of the Vulnerable Software and Affected Versions: hailey888 oa system versions up to 2025.01.01 Description: A vulnerability has been found in the function outAddress of the file cn/gson/oass/controller/address/AddrController.java of the component Backend. The manipulation of the argument...