Name of the Vulnerable Software and Affected Versions:

O2OA versions up to 10.0-410

Description:

A cross-site scripting issue exists in O2OA’s Personal Profile Page. The issue is related to an unknown functionality of the file `/x cms assemble control/jaxrs/design/appdict`. The attack can be initiated remotely. The exploit has been publicly disclosed.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.