{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3391", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-04-07T07:10:39.201Z", "datePublished": "2025-04-08T00:31:08.246Z", "dateUpdated": "2025-04-08T14:26:23.838Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-08T00:31:08.246Z"}, "title": "hailey888 oa_system Backend AddrController. java outAddress cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "hailey888", "product": "oa_system", "versions": [{"version": "2025.01.01", "status": "affected"}], "modules": ["Backend"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this vulnerability is the function outAddress of the file cn/gson/oass/controller/address/AddrController. java of the component Backend. The manipulation of the argument outtype leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available."}, {"lang": "de", "value": "In hailey888 oa_system bis 2025.01.01 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist die Funktion outAddress der Datei cn/gson/oass/controller/address/AddrController. java der Komponente Backend. Durch Manipulation des Arguments outtype mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2025-04-07T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-04-07T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-04-07T09:15:59.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "VulDB Gitee Analyzer", "type": "tool"}], "references": [{"url": "https://vuldb.com/?id.303637", "name": "VDB-303637 | hailey888 oa_system Backend AddrController. java outAddress cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.303637", "name": "VDB-303637 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://gitee.com/hailey888/oa_system/issues/IBRRX3", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"references": [{"url": "https://gitee.com/hailey888/oa_system/issues/IBRRX3", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-08T14:26:19.797641Z", "id": "CVE-2025-3391", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T14:26:23.838Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3391", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-08T14:26:19.797641Z"}}}], "references": [{"url": "https://gitee.com/hailey888/oa_system/issues/IBRRX3", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T14:26:14.174Z"}}], "cna": {"title": "hailey888 oa_system Backend AddrController. java outAddress cross site scripting", "credits": [{"lang": "en", "type": "tool", "value": "VulDB Gitee Analyzer"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "affected": [{"vendor": "hailey888", "modules": ["Backend"], "product": "oa_system", "versions": [{"status": "affected", "version": "2025.01.01"}]}], "timeline": [{"lang": "en", "time": "2025-04-07T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-04-07T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-04-07T09:15:59.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.303637", "name": "VDB-303637 | hailey888 oa_system Backend AddrController. java outAddress cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.303637", "name": "VDB-303637 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://gitee.com/hailey888/oa_system/issues/IBRRX3", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this vulnerability is the function outAddress of the file cn/gson/oass/controller/address/AddrController. java of the component Backend. The manipulation of the argument outtype leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available."}, {"lang": "de", "value": "In hailey888 oa_system bis 2025.01.01 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist die Funktion outAddress der Datei cn/gson/oass/controller/address/AddrController. java der Komponente Backend. Durch Manipulation des Arguments outtype mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-08T00:31:08.246Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3391", "state": "PUBLISHED", "dateUpdated": "2025-04-08T14:26:23.838Z", "dateReserved": "2025-04-07T07:10:39.201Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-04-08T00:31:08.246Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hailey888:oa_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "217EC572-75E4-420F-93F3-5F713FCED8BF", "versionEndExcluding": "2025.01.01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this vulnerability is the function outAddress of the file cn/gson/oass/controller/address/AddrController. java of the component Backend. The manipulation of the argument outtype leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en hailey888 oa_system hasta la versi\u00f3n 2025.01.01, clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n outAddress del archivo cn/gson/oass/controller/address/AddrController.java del componente Backend. La manipulaci\u00f3n del argumento outtype provoca ataques de cross site scripting. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Este producto utiliza el enfoque de lanzamiento continuo para garantizar una distribuci\u00f3n continua. Por lo tanto, no se dispone de informaci\u00f3n sobre las versiones afectadas ni sobre las actualizadas."}], "id": "CVE-2025-3391", "lastModified": "2025-05-07T17:16:59.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-04-08T01:15:42.223", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking"], "url": "https://gitee.com/hailey888/oa_system/issues/IBRRX3"}, {"source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.303637"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.303637"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking"], "url": "https://gitee.com/hailey888/oa_system/issues/IBRRX3"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}

{}