CVE-2025-9655 | O2OA up to 10.0-410 Personal Profile Page person Description cross site scripting (Issue 172)
A vulnerability classified as problematic was found in O2OA up to 10.0-410. It affects an unknown part of the file /x_organization_assemble_control/jaxrs/person/ of the component Personal Profile Page. Manipulating the argument Description can lead to cross-site scripting.
This vulnerability is tracked as CVE-2025-9655. The attack can be launched remotely. No exploit exists.
The vendor replies in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version”.