CVE-2025-9735

Name of the Vulnerable Software and Affected Versions O2OA versions up to 10.0-410

Description A weakness exists in O2OA that allows for cross site scripting. The issue affects an unknown function within the /x query assemble designer/jaxrs/table file of the Personal Profile Page component. Manipulation of the description, applicationName, and queryName arguments can trigger the issue. The attack can be initiated remotely, and the exploit has been publicly released.

Recommendations Versions prior to a new version containing a fix are affected.