CVE-2025-9658 | O2OA up to 10.0-410 Personal Profile Page dict name/alias/description cross site scripting (Issue 174)

A vulnerability was found in O2OA up to 10.0-410. It has been classified as problematic. The affected element is an unknown function of the file /x_portal_assemble_designer/jaxrs/dict/ in the component Personal Profile Page. Manipulating the argument name/alias/description leads to cross-site scripting.

This vulnerability is registered as CVE-2025-9658. The attack can be carried out remotely. Furthermore, an exploit is available.

The vendor replies in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version”.