CVE-2025-9736

Name of the Vulnerable Software and Affected Versions O2OA versions up to 10.0-410

Description A security issue has been identified in O2OA that allows for cross site scripting. The issue impacts an unknown function within the /x query assemble designer/jaxrs/statement file of the Personal Profile Page component. Manipulation of the queryName argument within the description parameter can be used to exploit this issue. The attack can be launched remotely. The exploit has been publicly disclosed.

Recommendations Update to a newer version to address this issue.