PT-2025-35383 · O2Oa · O2Oa

Colorfullbz · Published 2025-08-31 · Updated 2025-08-31 · CVE-2025-9715

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: O2OA versions prior to 10.0-410

Description: A cross-site scripting issue exists in O2OA. The vulnerability is located in an unknown function of the /x_cms_assemble_control/jaxrs/script file within the Personal Profile Page component. Manipulation of the name, alias, or description argument can trigger the issue. The attack can be launched remotely. The exploit has been made public.

Recommendations: Update to a version newer than 10.0-410.

Exploit · Fix · XSS · Code Injection

Weakness Enumeration

Related Identifiers: CVE-2025-9715

Affected Products: O2Oa