Name of the Vulnerable Software and Affected Versions:

O2OA versions up to 10.0-410

Description:

A flaw exists in O2OA, potentially leading to cross site scripting. The issue affects an unknown function within the `/x program center/jaxrs/agent` file of the Personal Profile Page component. The attack can be launched remotely. The vendor indicated a fix will be included in a new version.

Recommendations:

Update to a newer version of O2OA to address this issue.