CVE-2025-9682 | O2OA up to 10.0-410 Personal Profile Page appdict cross site scripting (Issue 179)
A vulnerability was found in O2OA up to 10.0-410. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting.
This vulnerability is listed as CVE-2025-9682. The attack may be initiated remotely. In addition, an exploit is available.
The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.”