O2oa
by O2oa
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-22916 | | | 0.07 | — | 0.40 | | Feb 17, 2022 | O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke. |
| CVE-2025-9655 | | | 0.00 | — | 0.00 | | Aug 29, 2025 | A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /x_organization_assemble_control/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack… |
| CVE-2024-37777 | | | 0.00 | — | 0.00 | | Aug 27, 2025 | O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function. |
| CVE-2025-22994 | | | 0.00 | — | 0.00 | | Jan 31, 2025 | O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - Settings. |
| CVE-2024-35591 | | | 0.00 | — | 0.00 | | May 24, 2024 | An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file. |
| CVE-2023-47418 | | | 0.00 | — | 0.02 | | Nov 30, 2023 | Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript. |