CVE-2025-9734

Name of the Vulnerable Software and Affected Versions O2OA versions up to 10.0-410

Description A security flaw exists in O2OA up to version 10.0-410. The issue is related to cross site scripting within the Personal Profile Page component, specifically affecting an unknown function of the file /x query assemble designer/jaxrs/stat. Manipulation of the name, alias, description, or applicationName argument can trigger the flaw. The attack can be launched remotely, and the exploit has been publicly released.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.