CVE-2025-9716

Name of the Vulnerable Software and Affected Versions O2OA versions prior to 10.0-410

Description A cross site scripting issue exists in O2OA due to manipulation of the name, alias, or description argument within the file /x processplatform assemble designer/jaxrs/form of the Personal Profile Page component. The attack can be initiated remotely. The issue has been publicly disclosed.

Recommendations Update O2OA to a version newer than 10.0-410.