Zoneland O2oa
25 CVEs affecting Zoneland O2oa. Latest disclosed: 2026-02-07. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-47418 | Critical | 9.8 | 2023-11-30 | Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to ex… |
CVE-2022-22916 | Critical | 9.8 | 2022-02-17 | O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke. |
CVE-2024-37777 | High | 8.8 | 2025-08-27 | O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function. |
CVE-2026-2074 | Medium | 6.3 | 2026-02-07 | A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP P… |
CVE-2025-22994 | Medium | 6.1 | 2025-01-31 | O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - Settings. |
CVE-2024-35591 | Medium | 5.4 | 2024-05-24 | An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file. |
CVE-2024-3689 | Low | 3.7 | 2024-04-12 | A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of t… |
CVE-2025-9737 | Low | 3.5 | 2025-08-31 | A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /x_query_assemble_designer/jaxrs/importmodel of the component… |
CVE-2025-9736 | Low | 3.5 | 2025-08-31 | A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_query_assemble_designer/jaxrs/statement of t… |
CVE-2025-9735 | Low | 3.5 | 2025-08-31 | A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /x_query_assemble_designer/jaxrs/table of the component Per… |
CVE-2025-9734 | Low | 3.5 | 2025-08-31 | A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /x_query_assemble_designer/jaxrs/stat of th… |
CVE-2025-9719 | Low | 3.5 | 2025-08-31 | A weakness has been identified in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_processplatform_assemble_designer/jaxrs/script of… |
CVE-2025-9718 | Low | 3.5 | 2025-08-31 | A security flaw has been discovered in O2OA up to 10.0-410. This affects an unknown part of the file /x_processplatform_assemble_designer/jaxrs/process of the… |
CVE-2025-9717 | Low | 3.5 | 2025-08-31 | A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/… |
CVE-2025-9716 | Low | 3.5 | 2025-08-31 | A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_processplatform_assemble_desig… |
CVE-2025-9715 | Low | 3.5 | 2025-08-31 | A vulnerability was found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_cms_assemble_control/jaxrs/script of the component Personal Pr… |
CVE-2025-9683 | Low | 3.5 | 2025-08-30 | A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_cms_assemble_control/jaxrs/form of the co… |
CVE-2025-9682 | Low | 3.5 | 2025-08-30 | A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/des… |
CVE-2025-9681 | Low | 3.5 | 2025-08-30 | A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page… |
CVE-2025-9680 | Low | 3.5 | 2025-08-30 | A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Perso… |