CVE-2025-9680 | O2OA up to 10.0-410 Personal Profile Page page cross site scripting (Issue 176)

A vulnerability has been found in O2OA up to 10.0-410 and classified as problematic. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting.

This vulnerability is identified as CVE-2025-9680. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.”VulDB Recent EntriesRead More