CVE-2025-9717

Sažetak

A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelName leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used.

Reference

https://github.com/o2oa/o2oa/issues/183
https://github.com/o2oa/o2oa/issues/183#issue-3332973239
https://vuldb.com/?ctiid.322005
https://vuldb.com/?id.322005
https://vuldb.com/?submit.637245
https://github.com/o2oa/o2oa/issues/183
https://github.com/o2oa/o2oa/issues/183#issue-3332973239

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

09-09-2025 - 19:11

Objavljeno

31-08-2025 - 05:15