CVE-2025-9716

Sažetak

A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_processplatform_assemble_designer/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

Reference

https://github.com/o2oa/o2oa/issues/182
https://github.com/o2oa/o2oa/issues/182#issue-3332970310
https://github.com/o2oa/o2oa/issues/182#issuecomment-3212879158
https://vuldb.com/?ctiid.322004
https://vuldb.com/?id.322004
https://vuldb.com/?submit.637244
https://github.com/o2oa/o2oa/issues/182
https://github.com/o2oa/o2oa/issues/182#issue-3332970310
https://github.com/o2oa/o2oa/issues/182#issuecomment-3212879158

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-09-2025 - 21:15

Objavljeno

31-08-2025 - 05:15