Filtered by vendor Zoneland
Subscribe
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9655 | 1 Zoneland | 1 O2oa | 2025-09-16 | 4.0 MEDIUM | 3.5 LOW |
| A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /x_organization_assemble_control/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched remotely. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version." | |||||
| CVE-2025-22994 | 1 Zoneland | 1 O2oa | 2025-09-15 | N/A | 6.1 MEDIUM |
| O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - Settings. | |||||
| CVE-2024-37777 | 1 Zoneland | 1 O2oa | 2025-09-09 | N/A | 8.8 HIGH |
| O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function. | |||||
| CVE-2023-47418 | 1 Zoneland | 1 O2oa | 2024-11-21 | N/A | 9.8 CRITICAL |
| Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript. | |||||
| CVE-2022-22916 | 1 Zoneland | 1 O2oa | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke. | |||||