Zoneland

O2oa

24 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-9682

Exploit
  • EPSS 0.06%
  • Published 30.08.2025 09:32:07
  • Last modified 10.09.2025 13:38:29

A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site sc...

5.4

CVE-2025-9681

Exploit
  • EPSS 0.05%
  • Published 30.08.2025 08:32:07
  • Last modified 10.09.2025 13:46:29

A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remote...

5.4

CVE-2025-9680

Exploit
  • EPSS 0.06%
  • Published 30.08.2025 07:02:06
  • Last modified 10.09.2025 13:49:03

A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can b...

5.4

CVE-2025-9659

Exploit
  • EPSS 0.04%
  • Published 29.08.2025 16:15:38
  • Last modified 16.09.2025 16:19:41

A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /x_portal_assemble_designer/jaxrs/widget of the component Personal Profile Page. Such manipulation leads to cross site scripting. The attac...

5.4

CVE-2025-9658

Exploit
  • EPSS 0.04%
  • Published 29.08.2025 16:15:38
  • Last modified 16.09.2025 16:27:19

A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /x_portal_assemble_designer/jaxrs/dict/ of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scrip...

5.4

CVE-2025-9657

Exploit
  • EPSS 0.04%
  • Published 29.08.2025 15:32:09
  • Last modified 16.09.2025 16:32:41

A vulnerability was detected in O2OA up to 10.0-410. This issue affects some unknown processing of the file /x_program_center/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cros...

5.4

CVE-2025-9655

Exploit
  • EPSS 0.03%
  • Published 29.08.2025 15:15:40
  • Last modified 16.09.2025 16:34:34

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /x_organization_assemble_control/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cros...

5.4

CVE-2025-9646

Exploit
  • EPSS 0.04%
  • Published 29.08.2025 13:15:39
  • Last modified 16.09.2025 16:37:31

A security flaw has been discovered in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_organization_assemble_personal/jaxrs/definition/calendarConfig. The manipulation of the argument toMonthViewName results in cross site ...

8.8

CVE-2024-37777

Exploit
  • EPSS 0.23%
  • Published 27.08.2025 00:00:00
  • Last modified 09.09.2025 15:24:10

O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function.

6.1

CVE-2025-22994

Exploit
  • EPSS 0.08%
  • Published 31.01.2025 16:15:35
  • Last modified 15.09.2025 18:17:11

O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - Settings.