Colorfullbz

**Name of the Vulnerable Software and Affected Versions** O2OA versions up to 10.0-410 **Description** A vulnerability exists in O2OA that allows for cross site scripting. The issue is located in an unknown function within the `/x query assemble designer/jaxrs/importmodel` file of the Personal Profile Page component. Manipulation of the `description`, `applicationName`, and `queryName` arguments can trigger the vulnerability. Remote exploitation is possible. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** O2OA versions prior to 10.0-410 **Description** A cross site scripting issue exists in O2OA. The vulnerability is located in an unknown function of the `/x cms assemble control/jaxrs/script` file within the Personal Profile Page component. Manipulation of the `name`, `alias`, or `description` argument can trigger the issue. The attack can be launched remotely. The exploit has been made public. **Recommendations** Update to a version newer than 10.0-410.

**Name of the Vulnerable Software and Affected Versions** O2OA versions prior to 10.0-410 **Description** A cross site scripting issue exists in O2OA due to manipulation of the `name`, `alias`, or `description` argument within the file `/x processplatform assemble designer/jaxrs/form` of the Personal Profile Page component. The attack can be initiated remotely. The issue has been publicly disclosed. **Recommendations** Update O2OA to a version newer than 10.0-410.

**Name of the Vulnerable Software and Affected Versions** O2OA versions prior to 10.0-410 **Description** A vulnerability exists in O2OA that allows for cross site scripting. The issue is related to an unknown functionality within the file `/x organization assemble control/jaxrs/unit/` of the Personal Profile Page component. Manipulation of the arguments `name`, `shortName`, `distinguishedName`, `pinyin`, `pinyinInitial`, and `levelName` can trigger the vulnerability. The attack can be launched remotely. **Recommendations** Update O2OA to version 10.0-410 or later.

**Name of the Vulnerable Software and Affected Versions** O2OA versions up to 10.0-410 **Description** A security flaw exists in O2OA that allows for cross site scripting. The issue is located in an unknown part of the file `/x processplatform assemble designer/jaxrs/process` within the Personal Profile Page component. Manipulation of the `name/alias` argument can lead to exploitation. The exploit has been released publicly. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** O2OA versions up to 10.0-410 **Description** A weakness has been identified in O2OA that allows for cross site scripting. The issue affects unknown code within the `/x processplatform assemble designer/jaxrs/script` file of the Personal Profile Page component. Manipulation of the `name`, `alias`, `description`, or `applicationName` arguments can be exploited remotely. The exploit has been made publicly available. **Recommendations** Versions prior to 10.0-410: As a temporary workaround, consider restricting or disabling the use of the Personal Profile Page component until a fix is available.

**Name of the Vulnerable Software and Affected Versions** O2OA versions up to 10.0-410 **Description** A security flaw exists in O2OA up to version 10.0-410. The issue is related to cross site scripting within the Personal Profile Page component, specifically affecting an unknown function of the file `/x query assemble designer/jaxrs/stat`. Manipulation of the `name`, `alias`, `description`, or `applicationName` argument can trigger the flaw. The attack can be launched remotely, and the exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** O2OA versions up to 10.0-410 **Description** A weakness exists in O2OA that allows for cross site scripting. The issue affects an unknown function within the `/x query assemble designer/jaxrs/table` file of the Personal Profile Page component. Manipulation of the `description`, `applicationName`, and `queryName` arguments can trigger the issue. The attack can be initiated remotely, and the exploit has been publicly released. **Recommendations** Versions prior to a new version containing a fix are affected.

**Name of the Vulnerable Software and Affected Versions** O2OA versions up to 10.0-410 **Description** A security issue has been identified in O2OA that allows for cross site scripting. The issue impacts an unknown function within the `/x query assemble designer/jaxrs/statement` file of the Personal Profile Page component. Manipulation of the `queryName` argument within the `description` parameter can be used to exploit this issue. The attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** Update to a newer version to address this issue.

**Name of the Vulnerable Software and Affected Versions** O2OA versions up to 10.0-410 **Description** A cross site scripting issue exists in O2OA up to version 10.0-410. The issue is related to an unknown functionality within the file `/x cms assemble control/jaxrs/form` of the Personal Profile Page component. The attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.