A vulnerability was found in O2OA up to 10.0-410. It has been classified as problematic. It affects an unknown part of the file /x_processplatform_assemble_designer/jaxrs/process of the component Personal Profile Page. Manipulating the argument name/alias results in cross-site scripting.
This vulnerability is known as CVE-2025-9718. The attack can be carried out remotely. Furthermore, an exploit is available.
The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.”