CVE-2025-9717 | O2OA up to 10.0-410 Personal Profile Page unit cross site scripting (Issue 183)

Inserito da Angelo Barbosa | Ago 30, 2025 | CVE

A vulnerability was found in O2OA up to 10.0-410 and classified as problematic. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelName leads to cross site scripting.

This vulnerability is traded as CVE-2025-9717. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2025-9717 | O2OA up to 10.0-410 Personal Profile Page unit cross site scripting (Issue 183)

Post correlati

CVE-2025-26763 | MetaSlider Responsive Slider Plugin up to 3.94.0 on WordPress deserialization

CVE-2024-34480 | SourceCodester Laboratory Management System 1.0 view_category.php sql injection

CVE-2017-13323 | Google Android up to 8.1 String16.cpp String16 out-of-bounds write

CVE-2023-40297 | Stakater Forecastle up to 1.0.139 Website path traversal