Oa System Security Vulnerabilities and Issues — Oa System CVE List

Lucene search

Hailey888Oa System

10 matches found

CVE•added 2025/04/08 1:15 a.m.•46 views

CVE-2025-3391

A vulnerability has been found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this vulnerability is the function outAddress of the file cn/gson/oass/controller/address/AddrController. java of the component Backend. The manipulation of the argument outtype leads t...

6.1CVSS6.5AI score0.00031EPSS

CVE•added 2025/04/08 2:15 a.m.•44 views

CVE-2025-3392

A vulnerability was found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this issue is the function Save of the file cn/gson/oasys/controller/mail/MailController.java of the component Backend. The manipulation of the argument MailNumberId leads to cross site scri...

6.1CVSS6.4AI score0.00029EPSS

CVE•added 2025/04/07 11:15 p.m.•42 views

CVE-2025-3388

A vulnerability classified as problematic was found in hailey888 oa_system up to 2025.01.01. This vulnerability affects the function loginCheck of the file cn/gson/oasys/controller/login/LoginsController.java of the component Frontend. The manipulation of the argument Username leads to cross site s...

6.1CVSS6.4AI score0.00039EPSS

CVE•added 2025/04/08 12:15 a.m.•36 views

CVE-2025-3389

A vulnerability, which was classified as problematic, has been found in hailey888 oa_system up to 2025.01.01. This issue affects the function testMess of the file cn/gson/oasys/controller/inform/InformManageController.java of the component Backend. The manipulation of the argument menu leads to cro...

6.1CVSS6.2AI score0.00029EPSS

CVE•added 2025/04/08 12:15 a.m.•35 views

CVE-2025-3390

A vulnerability, which was classified as problematic, was found in hailey888 oa_system up to 2025.01.01. Affected is the function addandchangeday of the file cn/gson/oass/controller/daymanager/DaymanageController.java of the component Backend. The manipulation of the argument scheduleList leads to ...

6.1CVSS6.5AI score0.00029EPSS

CVE•added 2025/05/14 10:15 p.m.•31 views

CVE-2025-29691

A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java.

6.1CVSS5.8AI score0.00051EPSS

CVE•added 2025/05/14 10:15 p.m.•30 views

CVE-2025-29686

A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java.

6.1CVSS5.9AI score0.00051EPSS

CVE•added 2025/05/14 10:15 p.m.•25 views

CVE-2025-29690

A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java.

6.1CVSS5.9AI score0.00051EPSS

CVE•added 2025/05/14 10:15 p.m.•22 views

CVE-2025-29688

6.1CVSS5.9AI score0.00051EPSS

CVE•added 2025/05/14 10:15 p.m.•21 views

CVE-2025-29689

A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java.

6.1CVSS6AI score0.00051EPSS