CVE-2025-9715 | O2OA up to 10.0-410 Personal Profile Page script name/alias/description cross site scripting (Issue 181)
A vulnerability, which was classified as problematic, was found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_cms_assemble_control/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting.
This vulnerability is reported as CVE-2025-9715. The attack can be launched remotely. Moreover, an exploit is present.
The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.”