CVE-2025-9659 | O2OA up to 10.0-410 Personal Profile Page widget cross site scripting (Issue 175)
A vulnerability was found in O2OA up to 10.0-410 and has been classified as problematic. It affects an unknown function of the file /x_portal_assemble_designer/jaxrs/widget in the component Personal Profile Page. Manipulating it leads to cross-site scripting.
This vulnerability is documented as CVE-2025-9659. The attack can be executed remotely. Additionally, an exploit exists.
The vendor replies in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version”.