Seeyon Zhiyuan OA Web Application System vulnerabilities
7 known vulnerabilities affecting seeyon/zhiyuan_oa_web_application_system.
Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 2
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 4
Vulnerabilities
CVE-2025-34040 | P1 | CRITICAL | CWE-22 | CVSS 10.0 | Exploited | PoC | v5.0 | ≥ 5.1, ≤ 5.6sp1 | +5 more | 2025-06-24
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enabl
nvd
CVE-2021-4461 | P1 | CRITICAL | CWE-306 | CVSS 9.3 | Exploited | ≤ 7.0 SP1 | 2025-10-30
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the `enc` parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a session to arbitrary user IDs. VulnCheck has observed t
nvd
CVE-2025-4531 | P3 | HIGH | CWE-74 | CVSS 8.8 | v8.1 SP2 | 2025-05-11
A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of the file ROOT\WEB-INF\classes\com\ours\www\ehr\salary\service\data\EhrSalaryPayrollServiceImpl.class of the component Beetl Template Handler. The manipulation of the argument payrollId leads to co
nvd
CVE-2025-5140 | P3 | MEDIUM | CWE-918 | CVSS 6.3 | v8.1 SP2 | 2025-05-25
A vulnerability classified as critical has been found in Seeyon Zhiyuan OA Web Application System up to 8.1 SP2. This affects the function this.oursNetService.getData of the file com\ours\www\ehr\openPlatform1\open4ClientType\controller\ThirdMenuController.class. The manipulation of the argument url leads to server-side request forgery. It is possible
nvd
CVE-2025-4000 | P4 | MEDIUM | CWE-79 | CVSS 5.4 | v8.1 SP2 | 2025-04-28
A vulnerability, which was classified as problematic, was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. Affected is an unknown function of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\ssoproxy\jsp\ssoproxy.jsp. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely.
nvd
CVE-2025-3999 | P4 | MEDIUM | CWE-79 | CVSS 5.4 | v8.1 SP2 | 2025-04-28
A vulnerability, which was classified as problematic, has been found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. This issue affects some unknown processing of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\common\js\addDate\date.jsp of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack
nvd
CVE-2025-4529 | P4 | MEDIUM | CWE-22 | CVSS 4.3 | v8.1 SP2 | 2025-05-11
A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\WEB-INF\lib\seeyon-apps-m3.jar!\com\seeyon\apps\m3\core\controller\M3CoreController.class of the component ZIP File Handler. The manipulati
nvd