VYPR
Vendor

Seeyon

Products
5
CVEs
11
Across products
11
Status
Private

Products

5

Recent CVEs

11
  • CVE-2025-34040CriJun 24, 2025
    risk 0.69cvss epss 0.14

    An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of…

  • CVE-2019-25714CriApr 21, 2026
    risk 0.61cvss epss 0.01

    Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads.…

  • CVE-2021-4461CriOct 30, 2025
    risk 0.60cvss epss 0.01

    Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the `enc` parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling…

  • CVE-2025-2030HigMar 6, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform up to 20250224. It has been rated as critical. Affected by this issue is some unknown functionality of the file /security/addUser.jsp. The manipulation of the argument groupId leads to sql…

  • CVE-2025-5140MedMay 25, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability classified as critical has been found in Seeyon Zhiyuan OA Web Application System up to 8.1 SP2. This affects the function this.oursNetService.getData of the file com\ours\www\ehr\openPlatform1\open4ClientType\controller\ThirdMenuController.class. The…

  • CVE-2025-56451Jan 16, 2026
    risk 0.00cvss epss 0.00

    Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint.

  • CVE-2025-4531May 11, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of the file ROOT\WEB-INF\classes\com\ours\www\ehr\salary\service\data\EhrSalaryPayrollServiceImpl.class of the component…

  • CVE-2025-4529May 11, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\WEB-INF\lib\seeyon-apps-m3.jar!\com\seeyon\apps\m3\core\controlle…

  • CVE-2025-4000Apr 28, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. Affected is an unknown function of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\ssoproxy\jsp\ssoproxy.jsp. The manipulation of the argument Name…

  • CVE-2025-3999Apr 28, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, has been found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. This issue affects some unknown processing of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\common\js\addDate\date.jsp of the component URL…

  • CVE-2025-3402Apr 8, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 and classified as critical. This issue affects some unknown processing of the file /sysform/042/check.js%70. The manipulation of the argument Name leads to sql injection. The attack…