CVE-2025-9681 | O2OA up to 10.0-410 Personal Profile Page agent cross site scripting (177/178)

A vulnerability was found in O2OA up to 10.0-410 and classified as problematic. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting.

This vulnerability is tracked as CVE-2025-9681. The attack can be launched remotely. Moreover, an exploit is present.

The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.”VulDB Recent EntriesRead More