CVE-2025-9719 | O2OA up to 10.0-410 Personal Profile Page script name/alias/description/applicationName cross site scripting (Issue 185)

Inserito da Angelo Barbosa | Ago 30, 2025 | CVE

A vulnerability was found in O2OA up to 10.0-410. It has been declared as problematic. This vulnerability affects unknown code of the file /x_processplatform_assemble_designer/jaxrs/script of the component Personal Profile Page. Executing manipulation of the argument name/alias/description/applicationName can lead to cross site scripting.

This vulnerability is handled as CVE-2025-9719. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2025-9719 | O2OA up to 10.0-410 Personal Profile Page script name/alias/description/applicationName cross site scripting (Issue 185)

Post correlati

CVE-2025-45814 | Novelsat NS2000/NS3000 missing authentication

CVE-2025-10728 | Qt up to 6.8.4/6.9.2 SSVG File Renderer recursion

CVE-2023-2921 | Short URL Plugin up to 1.6.8 on WordPress sql injection

CVE-2024-6450 | HyperView Geoportal Toolkit up to 8.2.4 URL cross site scripting