PT-2025-15307 · Unknown · Hailey888 Oa System

Hailey · Published 2025-04-07 · Updated 2025-05-07 · CVE-2025-3388

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

hailey888 oa system up to 2025.01.01

Description

A vulnerability was found in hailey888 oa system, affecting the function loginCheck of the file cn/gson/oasys/controller/login/LoginsController.java of the component Frontend. The manipulation of the argument Username leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses continuous delivery with rolling releases, so no version details of affected or updated releases are available.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the loginCheck function or the Username argument in the affected component to minimize the risk of exploitation.

Exploit

XSS

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-3388

Affected Products

Hailey888 Oa System