Seeyon
Products
5- 6 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34040 | Cri | 0.69 | — | 0.14 | Jun 24, 2025 | An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of… | ||
| CVE-2019-25714 | Cri | 0.61 | — | 0.01 | Apr 21, 2026 | Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads.… | ||
| CVE-2021-4461 | Cri | 0.60 | — | 0.01 | Oct 30, 2025 | Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the `enc` parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling… | ||
| CVE-2025-2030 | Hig | 0.47 | 7.3 | 0.00 | Mar 6, 2025 | A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform up to 20250224. It has been rated as critical. Affected by this issue is some unknown functionality of the file /security/addUser.jsp. The manipulation of the argument groupId leads to sql… | ||
| CVE-2025-5140 | Med | 0.41 | 6.3 | 0.00 | May 25, 2025 | A vulnerability classified as critical has been found in Seeyon Zhiyuan OA Web Application System up to 8.1 SP2. This affects the function this.oursNetService.getData of the file com\ours\www\ehr\openPlatform1\open4ClientType\controller\ThirdMenuController.class. The… | ||
| CVE-2025-56451 | 0.00 | — | 0.00 | Jan 16, 2026 | Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint. | |||
| CVE-2025-4531 | 0.00 | — | 0.00 | May 11, 2025 | A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of the file ROOT\WEB-INF\classes\com\ours\www\ehr\salary\service\data\EhrSalaryPayrollServiceImpl.class of the component… | |||
| CVE-2025-4529 | 0.00 | — | 0.00 | May 11, 2025 | A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\WEB-INF\lib\seeyon-apps-m3.jar!\com\seeyon\apps\m3\core\controlle… | |||
| CVE-2025-4000 | 0.00 | — | 0.00 | Apr 28, 2025 | A vulnerability, which was classified as problematic, was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. Affected is an unknown function of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\ssoproxy\jsp\ssoproxy.jsp. The manipulation of the argument Name… | |||
| CVE-2025-3999 | 0.00 | — | 0.00 | Apr 28, 2025 | A vulnerability, which was classified as problematic, has been found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. This issue affects some unknown processing of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\common\js\addDate\date.jsp of the component URL… | |||
| CVE-2025-3402 | 0.00 | — | 0.00 | Apr 8, 2025 | A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 and classified as critical. This issue affects some unknown processing of the file /sysform/042/check.js%70. The manipulation of the argument Name leads to sql injection. The attack… |
- risk 0.69cvss —epss 0.14
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of…
- risk 0.61cvss —epss 0.01
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads.…
- risk 0.60cvss —epss 0.01
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the `enc` parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform up to 20250224. It has been rated as critical. Affected by this issue is some unknown functionality of the file /security/addUser.jsp. The manipulation of the argument groupId leads to sql…
- risk 0.41cvss 6.3epss 0.00
A vulnerability classified as critical has been found in Seeyon Zhiyuan OA Web Application System up to 8.1 SP2. This affects the function this.oursNetService.getData of the file com\ours\www\ehr\openPlatform1\open4ClientType\controller\ThirdMenuController.class. The…
- CVE-2025-56451Jan 16, 2026risk 0.00cvss —epss 0.00
Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint.
- CVE-2025-4531May 11, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of the file ROOT\WEB-INF\classes\com\ours\www\ehr\salary\service\data\EhrSalaryPayrollServiceImpl.class of the component…
- CVE-2025-4529May 11, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\WEB-INF\lib\seeyon-apps-m3.jar!\com\seeyon\apps\m3\core\controlle…
- CVE-2025-4000Apr 28, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. Affected is an unknown function of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\ssoproxy\jsp\ssoproxy.jsp. The manipulation of the argument Name…
- CVE-2025-3999Apr 28, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. This issue affects some unknown processing of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\common\js\addDate\date.jsp of the component URL…
- CVE-2025-3402Apr 8, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 and classified as critical. This issue affects some unknown processing of the file /sysform/042/check.js%70. The manipulation of the argument Name leads to sql injection. The attack…