VYPR

O2oa

by Zoneland

Source repositories

CVEs (19)

  • CVE-2026-2074MedFeb 7, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack…

  • CVE-2025-9737LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /x_query_assemble_designer/jaxrs/importmodel of the component Personal Profile Page. Performing manipulation of the argument description/applicationName/queryName results in cross…

  • CVE-2025-9736LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_query_assemble_designer/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site…

  • CVE-2025-9735LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /x_query_assemble_designer/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting.…

  • CVE-2025-9734LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /x_query_assemble_designer/jaxrs/stat of the component Personal Profile Page. The manipulation of the argument name/alias/description/applicationName results in…

  • CVE-2025-9719LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A weakness has been identified in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_processplatform_assemble_designer/jaxrs/script of the component Personal Profile Page. Executing manipulation of the argument name/alias/description/applicationName can…

  • CVE-2025-9718LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in O2OA up to 10.0-410. This affects an unknown part of the file /x_processplatform_assemble_designer/jaxrs/process of the component Personal Profile Page. Performing manipulation of the argument name/alias results in cross site scripting.…

  • CVE-2025-9717LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/p…

  • CVE-2025-9716LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_processplatform_assemble_designer/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes…

  • CVE-2025-9715LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_cms_assemble_control/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack can be…

  • CVE-2025-9683LowAug 30, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_cms_assemble_control/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely.…

  • CVE-2025-9682LowAug 30, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. The attack may be…

  • CVE-2025-9681LowAug 30, 2025
    risk 0.23cvss 3.5epss 0.00

    A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been…

  • CVE-2025-9680LowAug 30, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be initiated remotely. The…

  • CVE-2025-9659LowAug 29, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /x_portal_assemble_designer/jaxrs/widget of the component Personal Profile Page. Such manipulation leads to cross site scripting. The attack can be executed remotely.…

  • CVE-2025-9658LowAug 29, 2025
    risk 0.23cvss 3.5epss 0.00

    A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /x_portal_assemble_designer/jaxrs/dict/ of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. Remote exploitation of…

  • CVE-2025-9657LowAug 29, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was detected in O2OA up to 10.0-410. This issue affects some unknown processing of the file /x_program_center/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack…

  • CVE-2025-9646LowAug 29, 2025
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_organization_assemble_personal/jaxrs/definition/calendarConfig. The manipulation of the argument toMonthViewName results in cross site scripting. The attack can be…

  • CVE-2024-3689Apr 12, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information…

VYPR — Vulnerability Intelligence