CVE-2025-9658

Name of the Vulnerable Software and Affected Versions O2OA versions prior to 10.0-410

Description A flaw has been found in O2OA that allows for cross site scripting. The issue is related to the manipulation of the argument name/alias/description within an unknown function of the file /x portal assemble designer/jaxrs/dict/ of the Personal Profile Page component. Remote exploitation is possible. The vendor has indicated a fix will be available in a new version.

Recommendations Update to a version of O2OA greater than 10.0-410.