hailey888

10 exploits Active since Apr 2025
CVE-2025-3392 GITEE LOW java
hailey888 oa_system <2025.01.01 - XSS
A vulnerability was found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this issue is the function Save of the file cn/gson/oasys/controller/mail/MailController.java of the component Backend. The manipulation of the argument MailNumberId leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVSS 3.5
CVE-2025-3391 GITEE LOW java
hailey888 oa_system <2025.01.01 - XSS
A vulnerability has been found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this vulnerability is the function outAddress of the file cn/gson/oass/controller/address/AddrController. java of the component Backend. The manipulation of the argument outtype leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVSS 3.5
CVE-2025-3390 GITEE LOW java
hailey888 oa_system <2025.01.01 - XSS
A vulnerability, which was classified as problematic, was found in hailey888 oa_system up to 2025.01.01. Affected is the function addandchangeday of the file cn/gson/oass/controller/daymanager/DaymanageController.java of the component Backend. The manipulation of the argument scheduleList leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
CVSS 3.5
CVE-2025-3389 GITEE LOW java
hailey888 oa_system < 2025.01.01 - Cross-Site Scripting via InformManageController menu Argument
A vulnerability, which was classified as problematic, has been found in hailey888 oa_system up to 2025.01.01. This issue affects the function testMess of the file cn/gson/oasys/controller/inform/InformManageController.java of the component Backend. The manipulation of the argument menu leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
CVSS 3.5
CVE-2025-3388 GITEE MEDIUM java
hailey888 oa_system <2025.01.01 - XSS
A vulnerability classified as problematic was found in hailey888 oa_system up to 2025.01.01. This vulnerability affects the function loginCheck of the file cn/gson/oasys/controller/login/LoginsController.java of the component Frontend. The manipulation of the argument Username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVSS 4.3
CVE-2025-29691 GITEE MEDIUM java
OA System < 2025-01-01 - Cross-Site Scripting via userName Parameter
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java.
CVSS 6.1
CVE-2025-29690 GITEE MEDIUM java
OA System < 2025-01-01 - Cross-Site Scripting via outtype Parameter
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java.
CVSS 6.1
CVE-2025-29689 GITEE MEDIUM java
OA System < 2025-01-01 - Cross-Site Scripting via Password Parameter
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java.
CVSS 6.1
CVE-2025-29688 GITEE MEDIUM java
OA System < 2025-01-01 - Cross-Site Scripting via Title Parameter
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java.
CVSS 6.1
CVE-2025-29686 GITEE MEDIUM java
OA System < 2025-01-01 - Cross-Site Scripting via Title Parameter
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java.
CVSS 6.1