CVE-2025-9657 | O2OA up to 10.0-410 Personal Profile Page script name/alias/description cross site scripting (Issue 173)

SecurityVulns

A vulnerability was found in O2OA up to 10.0-410 and classified as problematic. This issue affects some unknown processing of the file /x_program_center/jaxrs/script of the component Personal Profile Page. Manipulation of the argument name/alias/description results in cross-site scripting.

This vulnerability is cataloged as CVE-2025-9657. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor replies in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version”.