Onlyning

**Name of the Vulnerable Software and Affected Versions** o2oa versions 8.1.2 and earlier **Description** The issue allows attackers to create a new interface in the service management function to execute JavaScript, enabling Remote Code Execution (RCE). **Recommendations** For versions 8.1.2 and earlier, consider disabling the service management function temporarily to prevent the creation of new interfaces that could be used for JavaScript execution until a fix is available.