Name of the Vulnerable Software and Affected Versions:

O2OA versions prior to 10.0-410

Description:

A vulnerability exists in O2OA that allows for cross site scripting. The issue impacts an unknown function within the `/x portal assemble designer/jaxrs/page` file of the Personal Profile Page component. The attack can be initiated remotely. The exploit is publicly available.

Recommendations:

Update to a version newer than 10.0-410.