4 matches found
CVE-2025-44034
CVE-2025-44034 affects oa_system oasys v1.1, with a SQL injection in the AddrController via alph parameters leading to remote code execution. The CVSS 3.1 base score is 8.0 (HIGH) with ADJACENT attack vector, LOW attack complexity, LOW privileges, no user interaction, and impacts to confidentiali...
oa_system 跨站脚本漏洞
oasystem is a hailey individual developer's application for the day-to-day operation and management of organizations, used by employees and managers. A security vulnerability exists in oasystem versions prior to v2025.01.01, which stems from improperly cleaned inputs for the parameter outtype in...
CVE-2025-3391
A vulnerability has been found in hailey888 oasystem up to 2025.01.01 and classified as problematic. Affected by this vulnerability is the function outAddress of the file cn/gson/oass/controller/address/AddrController. java of the component Backend. The manipulation of the argument outtype leads ...
CVE-2025-3391 hailey888 oa_system Backend AddrController. java outAddress cross site scripting
A vulnerability has been found in hailey888 oasystem up to 2025.01.01 and classified as problematic. Affected by this vulnerability is the function outAddress of the file cn/gson/oass/controller/address/AddrController. java of the component Backend. The manipulation of the argument outtype leads ...