Hailey888 Oa System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Hailey888 Oa System.
By the Year
In 2026 there have been 0 vulnerabilities in Hailey888 Oa System. Last year, in 2025 Oa System had 10 security vulnerabilities published. Right now, Oa System is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 10 | 6.10 |
It may take a day or so for new Oa System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Hailey888 Oa System Security Vulnerabilities
XSS in OA System <v2025.01.01 via /login/LoginsController
CVE-2025-29691
- May 14, 2025
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java.
XSS in OA System before 2025.01.01 via outtype param in AddrController
CVE-2025-29690
- May 14, 2025
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java.
OA System XSS in MailController.java (before v2025.01.01)
CVE-2025-29689
- May 14, 2025
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java.
XSS in OA System <= v2025.01.01 via title param
CVE-2025-29688
- May 14, 2025
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java.
OA System XSS via title param before v2025.01.01
CVE-2025-29686
- May 14, 2025
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java.
CVE-2025-3392 XSS in hailey888 oa_system Backend Save()
CVE-2025-3392
6.1 - Medium
- April 08, 2025
A vulnerability was found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this issue is the function Save of the file cn/gson/oasys/controller/mail/MailController.java of the component Backend. The manipulation of the argument MailNumberId leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
XSS
XSS in hailey888 oa_system java backend outAddress before 2025.01.01
CVE-2025-3391
6.1 - Medium
- April 08, 2025
A vulnerability has been found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this vulnerability is the function outAddress of the file cn/gson/oass/controller/address/AddrController. java of the component Backend. The manipulation of the argument outtype leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
XSS
hailey888 oa_system (Backend) XSS in addandchangeday < 2025.01.01
CVE-2025-3390
6.1 - Medium
- April 08, 2025
A vulnerability, which was classified as problematic, was found in hailey888 oa_system up to 2025.01.01. Affected is the function addandchangeday of the file cn/gson/oass/controller/daymanager/DaymanageController.java of the component Backend. The manipulation of the argument scheduleList leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
XSS
XSS in Hailey888 oa_system Backend testMess (CVE-2025-3389)
CVE-2025-3389
6.1 - Medium
- April 08, 2025
A vulnerability, which was classified as problematic, has been found in hailey888 oa_system up to 2025.01.01. This issue affects the function testMess of the file cn/gson/oasys/controller/inform/InformManageController.java of the component Backend. The manipulation of the argument menu leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
XSS
CVE-2025-3388: XSS via Username in Frontend loginCheck (oa_system)
CVE-2025-3388
6.1 - Medium
- April 07, 2025
A vulnerability classified as problematic was found in hailey888 oa_system up to 2025.01.01. This vulnerability affects the function loginCheck of the file cn/gson/oasys/controller/login/LoginsController.java of the component Frontend. The manipulation of the argument Username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Hailey888 Oa System or by Hailey888? Click the Watch button to subscribe.
