CVE-2025-9716 | O2OA up to 10.0-410 Personal Profile Page form name/alias/description cross site scripting (Issue 182)

A vulnerability has been found in O2OA up to 10.0-410 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /x_processplatform_assemble_designer/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting.

This vulnerability appears as CVE-2025-9716. The attack may be initiated remotely. In addition, an exploit is available.

The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.”VulDB Recent EntriesRead More