PT-2025-35391 · O2Oa · O2Oa

Colorfullbz · Published 2025-08-31 · Updated 2025-08-31 · CVE-2025-9717

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: O2OA versions prior to 10.0-410

Description: A vulnerability exists in O2OA that allows for cross-site scripting. The issue is related to an unknown functionality within the file /x_organization_assemble_control/jaxrs/unit/ of the Personal Profile Page component. Manipulation of the arguments name, shortName, distinguishedName, pinyin, pinyinInitial, and levelName can trigger the vulnerability. The attack can be launched remotely.

Recommendations: Update O2OA to version 10.0-410 or later.

Exploit · Fix · XSS · Code Injection

Weakness Enumeration

Related Identifiers: CVE-2025-9717

Affected Products: O2Oa