ReportizFlow
Filtered by vendor Seeyon
Subscriptions
Filtered by product Zhiyuan Oa Web Application System
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-4461 | 1 Seeyon | 1 Zhiyuan Oa Web Application System | 2025-10-31 | N/A |
| Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the `enc` parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a session to arbitrary user IDs. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-30 at 00:30:40.855917 UTC. | ||||
Page 1 of 1.