📦 O2oa

Name: O2oa
Author: Zoneland

by Zoneland

🔍 What is O2oa?

Description coming soon...

🛡️ Security Overview

Click on a severity to filter vulnerabilities

⚠️ Known Vulnerabilities

CVE-2023-47418

CRITICAL CVSS 9.8 Nov 30, 2023

This CVE describes a critical Remote Code Execution vulnerability in O2OA platform versions 8.1.2 and earlier. Attackers can exploit the service management function to create malicious interfaces that...

CVE-2022-22916

CRITICAL CVSS 9.8 Feb 17, 2022

O2OA v6.4.7 contains a remote code execution vulnerability in the /x_program_center/jaxrs/invoke endpoint that allows unauthenticated attackers to execute arbitrary code on affected systems. This affe...

CVE-2026-2074

MEDIUM CVSS 6.3 Feb 7, 2026

This XXE vulnerability in O2OA allows attackers to read arbitrary files from the server by sending specially crafted XML payloads to the vulnerable endpoint. It affects O2OA installations up to versio...

CVE-2025-22994

MEDIUM CVSS 6.1 Jan 31, 2025

O2OA 9.1.3 contains a cross-site scripting vulnerability in the Meetings - Settings functionality that allows attackers to inject malicious scripts. This affects users who access the vulnerable meetin...