VYPR

O2oa

by O2oa

Source repositories

CVEs (26)

  • CVE-2022-22916Feb 17, 2022
    risk 0.07cvss epss 0.40

    O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.

  • CVE-2025-9655Aug 29, 2025
    risk 0.00cvss epss 0.00

    A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /x_organization_assemble_control/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack…

  • CVE-2024-37777Aug 27, 2025
    risk 0.00cvss epss 0.00

    O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function.

  • CVE-2025-22994Jan 31, 2025
    risk 0.00cvss epss 0.00

    O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - Settings.

  • CVE-2024-35591May 24, 2024
    risk 0.00cvss epss 0.00

    An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.

  • CVE-2023-47418Nov 30, 2023
    risk 0.00cvss epss 0.02

    Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript.

Page 2 of 2