cbcvebase.

Zoneland O2Oa vulnerabilities

24 known vulnerabilities affecting zoneland/o2oa.

Total CVEs
24
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM21

Vulnerabilities

Page 2 of 2
CVE-2025-9717P4MEDIUMCVSS 5.4≤ 10.0-410v10.0-4102025-08-31
CVE-2025-9717 [MEDIUM] CWE-79 CVE-2025-9717: A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functi A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelName leads to cross site scripting. The attack may be la
nvd
CVE-2025-9658P4MEDIUMCVSS 5.4≤ 10.0-410v10.0-4102025-08-29
CVE-2025-9658 [MEDIUM] CWE-79 CVE-2025-9658: A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /x_portal_ A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /x_portal_assemble_designer/jaxrs/dict/ of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. The
nvd
CVE-2025-9655P4MEDIUMCVSS 5.4≤ 10.0-410v10.0-4102025-08-29
CVE-2025-9655 [MEDIUM] CWE-79 CVE-2025-9655: A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /x_o A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /x_organization_assemble_control/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched remotely. The vendor replied in the GitHub issue (translate
nvd
CVE-2025-22994P4MEDIUMCVSS 6.1v9.1.32025-01-31
CVE-2025-22994 [MEDIUM] CWE-79 CVE-2025-22994: O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - Settings. O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - Settings.
nvd
Zoneland O2Oa vulnerabilities | cvebase