Vulnerability Description
A vulnerability was found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this issue is the function Save of the file cn/gson/oasys/controller/mail/MailController.java of the component Backend. The manipulation of the argument MailNumberId leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hailey888 | Oa System | < 2025.01.01 |
Related Weaknesses (CWE)
References
- https://gitee.com/hailey888/oa_system/issues/IBRQZ9ExploitIssue Tracking
- https://vuldb.com/?ctiid.303638Permissions RequiredVDB Entry
- https://vuldb.com/?id.303638Third Party AdvisoryVDB Entry
- https://gitee.com/hailey888/oa_system/issues/IBRQZ9ExploitIssue Tracking
FAQ
What is CVE-2025-3392?
CVE-2025-3392 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability was found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this issue is the function Save of the file cn/gson/oasys/controller/mail/MailController.ja...
How severe is CVE-2025-3392?
CVE-2025-3392 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-3392?
Check the references section above for vendor advisories and patch information. Affected products include: Hailey888 Oa System.