PT-2025-35393 · O2Oa · O2Oa

Colorfullbz · Published 2025-08-31 · Updated 2025-08-31 · CVE-2025-9719

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

O2OA versions up to 10.0-410

Description

A weakness has been identified in O2OA that allows cross-site scripting. The issue affects unknown code within the /x_processplatform_assemble_designer/jaxrs/script file of the Personal Profile Page component. Manipulation of the name, alias, description, or applicationName arguments can be exploited remotely. The exploit has been made publicly available.

Recommendations

Versions prior to 10.0-410: As a temporary workaround, consider restricting or disabling the use of the Personal Profile Page component until a fix is available.

Exploit

Fix

XSS

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-9719

Affected Products

O2Oa