Lucene search
K

125 matches found

Cvelist
Cvelist
added 2025/05/14 12:0 a.m.14 views

CVE-2025-29688

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...

0.00228EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.4 views

PT-2025-21247 · Oa System · Oa System

Name of the Vulnerable Software and Affected Versions: OA System versions prior to 2025.01.01 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at the...

6.1CVSS5.6AI score0.00228EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/05/14 12:0 a.m.8 views

CVE-2025-29688

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...

5.9AI score0.00228EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.4 views

PT-2025-21243 · Oa System · Oa System

Name of the Vulnerable Software and Affected Versions: OA System versions prior to 2025.01.01 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at the "/address/AddrController.java"...

6.1CVSS5.6AI score0.00228EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/05/14 12:0 a.m.6 views

CVE-2025-29690

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java...

5.9AI score0.00228EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/14 12:0 a.m.8 views

CVE-2025-29691

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java...

5.9AI score0.00229EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/14 12:0 a.m.14 views

CVE-2025-29686

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...

0.00228EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/14 12:0 a.m.12 views

CVE-2025-29691

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java...

0.00229EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/14 12:0 a.m.13 views

CVE-2025-29690

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java...

0.00228EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.5 views

PT-2025-21244 · Oa System · Oa System

Name of the Vulnerable Software and Affected Versions: OA System versions prior to v2025.01.01 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at the "/login/LoginsController.java" A...

6.1CVSS5.7AI score0.00229EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/05/14 12:0 a.m.11 views

CVE-2025-29689

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...

6AI score0.00228EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/14 12:0 a.m.16 views

CVE-2025-29689

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...

0.00228EPSS
Exploits1References1
CVE
CVE
added 2025/05/14 12:0 a.m.40 views

CVE-2025-29688

CVE-2025-29688 affects OA System prior to version 2025.01.01. It is a cross-site scripting (XSS) vulnerability where a crafted payload injected into the title parameter of the /daymanager/daymanageabilitycontroller.java endpoint allows execution of arbitrary web scripts or HTML. Root cause: insuf...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/05/14 12:0 a.m.39 views

CVE-2025-29690

OA System is affected by CVE-2025-29690: an XSS vulnerability in versions prior to 2025.01.01 reachable via the outtype parameter in /address/AddrController.java. Root cause: improper handling/escaping of input leads to execution of arbitrary scripts/HTML. Impact per sources is low/medium in CVSS...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/05/14 12:0 a.m.42 views

CVE-2025-29686

CVE-2025-29686 describes an XSS vulnerability in OA System prior to version 2025.01.01. The issue arises from improper input handling in the title parameter at /inform/InformManageController.java, allowing attackers to inject arbitrary web scripts/HTML. The CVE entry consistently lists the affect...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/05/14 12:0 a.m.41 views

CVE-2025-29691

CVE-2025-29691 affects OA System prior to v2025.01.01. The vulnerability is a cross-site scripting (XSS) issue in the login flow, triggered by crafting payloads injected into the userName parameter in /login/LoginsController.java. Documented impact is arbitrary web scripts/HTML execution. A patch...

6.1CVSS5.8AI score0.00229EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/05/14 12:0 a.m.42 views

CVE-2025-29689

CVE-2025-29689 describes an XSS in OA System prior to 2025.01.01. The vulnerability stems from improper input handling of the password parameter in the endpoint “/mail/MailController.java”, allowing execution of arbitrary web scripts/HTML. A fix is available: upgrade OA System to 2025.01.01 or la...

6.1CVSS6AI score0.00228EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.8 views

oa_system 跨站脚本漏洞

oasystem is a hailey individual developer's application for the day-to-day operation and management of organizations, used by employees and managers. A security vulnerability exists in oasystem versions prior to v2025.01.01, which stems from improperly cleaned input of the parameter password in t...

6.1CVSS6.1AI score0.00228EPSS
Exploits1References3
OSV
OSV
added 2025/04/08 1:15 a.m.7 views

CVE-2025-3391

A vulnerability has been found in hailey888 oasystem up to 2025.01.01 and classified as problematic. Affected by this vulnerability is the function outAddress of the file cn/gson/oass/controller/address/AddrController. java of the component Backend. The manipulation of the argument outtype leads ...

6.1CVSS3.6AI score0.00288EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.5 views

PT-2025-15311 · Unknown · Hailey888 Oa System

Name of the Vulnerable Software and Affected Versions: hailey888 oa system versions up to 2025.01.01 Description: A vulnerability has been found in the function outAddress of the file cn/gson/oass/controller/address/AddrController.java of the component Backend. The manipulation of the argument...

6.1CVSS3.6AI score0.00288EPSS
Exploits1References9
Rows per page
Query Builder