Name of the Vulnerable Software and Affected Versions:

O2OA versions up to 10.0-410

Description:

A cross site scripting issue exists in O2OA up to version 10.0-410. The issue is related to an unknown functionality within the file `/x cms assemble control/jaxrs/form` of the Personal Profile Page component. The attack can be launched remotely. The exploit has been publicly disclosed.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.