EUVD-2025-26261

Malicious code in bioql PyPI...

EUVD-2025-26224

Malicious code in bioql PyPI...

EUVD-2025-26300

Malicious code in bioql PyPI...

EUVD-2025-26217

Malicious code in bioql PyPI...

CVE-2025-9683

A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xcmsassemblecontrol/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been ma...

CVE-2025-9736

A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /xqueryassembledesigner/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site scripting. The attack may be...

CVE-2025-9736

The CVE-2025-9736 entry concerns an XSS vulnerability in O2OA’s Personal Profile Page, specifically in the file path /x_query_assemble_designer/jaxrs/statement. The issue arises from manipulating the description/queryName argument, enabling cross-site scripting via remote exploitation. Public dis...

CVE-2025-9655

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /xorganizationassemblecontrol/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched...

CVE-2025-9717 O2OA Personal Profile unit cross site scripting

A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xorganizationassemblecontrol/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelNa...

CVE-2025-9716

CVE-2025-9716 affects O2OA up to version 10.0-410. The vulnerability exists in the Personal Profile Page’s file path /x_processplatform_assemble_designer/jaxrs/form, where manipulation of the name/alias/description argument enables cross-site scripting. The issue can be exploited remotely and, pe...

CVE-2025-9715

A vulnerability was found in O2OA up to 10.0-410. Affected is an unknown function of the file /xcmsassemblecontrol/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack can be launched remotely. The...

PT-2025-35390

Name of the Vulnerable Software and Affected Versions: O2OA versions prior to 10.0-410 Description: A cross site scripting issue exists in O2OA due to manipulation of the name, alias, or description argument within the file /x processplatform assemble designer/jaxrs/form of the Personal Profile...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from cross-site scripting due to incorrect manipulation of the parameter name/alias in the file...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which originates from a cross-site scripting due to incorrect manipulation of the parameters description/applicationName/queryName in the file...

PT-2025-35416

Name of the Vulnerable Software and Affected Versions: O2OA versions up to 10.0-410 Description: A weakness exists in O2OA that allows for cross site scripting. The issue affects an unknown function within the /x query assemble designer/jaxrs/table file of the Personal Profile Page component...

PT-2025-35391

Name of the Vulnerable Software and Affected Versions: O2OA versions prior to 10.0-410 Description: A vulnerability exists in O2OA that allows for cross site scripting. The issue is related to an unknown functionality within the file /x organization assemble control/jaxrs/unit/ of the Personal...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from cross-site scripting due to incorrect manipulation of the parameter name/alias/description/applicationName in the file...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA open source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from a cross-site scripting caused by incorrect manipulation of the parameters name/alias/description in the file...

CVE-2025-9683

A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xcmsassemblecontrol/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been ma...

CVE-2025-9682

A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /xcmsassemblecontrol/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...