VYPR
Vendor

O2oa

Products
1
CVEs
26
Across products
26
Status
Private

Products

1

Recent CVEs

26
View all 26 CVEs →
  • CVE-2026-7291MedApr 28, 2026
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack…

  • CVE-2026-2074MedFeb 7, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack…

  • CVE-2026-7292MedApr 28, 2026
    risk 0.36cvss 5.6epss 0.00

    A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather…

  • CVE-2025-9737LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /x_query_assemble_designer/jaxrs/importmodel of the component Personal Profile Page. Performing manipulation of the argument description/applicationName/queryName results in cross…

  • CVE-2025-9736LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_query_assemble_designer/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site…

  • CVE-2025-9735LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /x_query_assemble_designer/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting.…

  • CVE-2025-9734LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /x_query_assemble_designer/jaxrs/stat of the component Personal Profile Page. The manipulation of the argument name/alias/description/applicationName results in…

  • CVE-2025-9719LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A weakness has been identified in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_processplatform_assemble_designer/jaxrs/script of the component Personal Profile Page. Executing manipulation of the argument name/alias/description/applicationName can…

  • CVE-2025-9718LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in O2OA up to 10.0-410. This affects an unknown part of the file /x_processplatform_assemble_designer/jaxrs/process of the component Personal Profile Page. Performing manipulation of the argument name/alias results in cross site scripting.…

  • CVE-2025-9717LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/p…

  • CVE-2025-9716LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_processplatform_assemble_designer/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes…

  • CVE-2025-9715LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_cms_assemble_control/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack can be…

  • CVE-2025-9683LowAug 30, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_cms_assemble_control/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely.…

  • CVE-2025-9682LowAug 30, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. The attack may be…

  • CVE-2025-9681LowAug 30, 2025
    risk 0.23cvss 3.5epss 0.00

    A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been…

  • CVE-2025-9680LowAug 30, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be initiated remotely. The…

  • CVE-2025-9659LowAug 29, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /x_portal_assemble_designer/jaxrs/widget of the component Personal Profile Page. Such manipulation leads to cross site scripting. The attack can be executed remotely.…

  • CVE-2025-9658LowAug 29, 2025
    risk 0.23cvss 3.5epss 0.00

    A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /x_portal_assemble_designer/jaxrs/dict/ of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. Remote exploitation of…

  • CVE-2025-9657LowAug 29, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was detected in O2OA up to 10.0-410. This issue affects some unknown processing of the file /x_program_center/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack…

  • CVE-2025-9646LowAug 29, 2025
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_organization_assemble_personal/jaxrs/definition/calendarConfig. The manipulation of the argument toMonthViewName results in cross site scripting. The attack can be…