CVE-2025-29688

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...

CVE-2025-29690

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java...

PT-2025-21246 · Oa System · Oa System

Name of the Vulnerable Software and Affected Versions: OA System versions prior to 2025.01.01 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at the "/inform/InformManageController.java...

oa_system 跨站脚本漏洞

oasystem is a hailey individual developer's application for the day-to-day operation and management of organizations, used by employees and managers. A security vulnerability exists in oasystem versions prior to v2025.01.01, which stems from improperly cleaned input of the parameter password in t...

CVE-2025-29688

CVE-2025-29688 affects OA System prior to version 2025.01.01. It is a cross-site scripting (XSS) vulnerability where a crafted payload injected into the title parameter of the /daymanager/daymanageabilitycontroller.java endpoint allows execution of arbitrary web scripts or HTML. Root cause: insuf...