EUVD-2025-26263

Malicious code in bioql PyPI...

CVE-2025-9716

A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /xprocessplatformassembledesigner/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting...

CVE-2025-9737

A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /xqueryassembledesigner/jaxrs/importmodel of the component Personal Profile Page. Performing manipulation of the argument description/applicationName/queryName results in cross site scripting. Remote...

CVE-2025-9736 O2OA Personal Profile statement cross site scripting

A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /xqueryassembledesigner/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site scripting. The attack may be...

CVE-2025-9735 O2OA Personal Profile table cross site scripting

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /xqueryassembledesigner/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting. The attack may be...

CVE-2025-9734

A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /xqueryassembledesigner/jaxrs/stat of the component Personal Profile Page. The manipulation of the argument name/alias/description/applicationName results in cross site scripting. T...

CVE-2025-9716

A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /xprocessplatformassembledesigner/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting...

PT-2025-35417

Name of the Vulnerable Software and Affected Versions: O2OA versions up to 10.0-410 Description: A security issue has been identified in O2OA that allows for cross site scripting. The issue impacts an unknown function within the /x query assemble designer/jaxrs/statement file of the Personal...

CVE-2025-9683

A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xcmsassemblecontrol/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been ma...

CVE-2025-9683 O2OA Personal Profile form cross site scripting

A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xcmsassemblecontrol/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been ma...

CVE-2025-9681

The CVE-2025-9681 vulnerability affects the O2OA platform, specifically the Personal Profile Page component, within the /x_program_center/jaxrs/agent file. The flaw is triggered by manipulation of an unknown function, enabling cross-site scripting and allowing a remote attacker to exploit the iss...

PT-2025-35348

Name of the Vulnerable Software and Affected Versions: O2OA versions up to 10.0-410 Description: A flaw exists in O2OA, potentially leading to cross site scripting. The issue affects an unknown function within the /x program center/jaxrs/agent file of the Personal Profile Page component. The atta...

PT-2025-35351

Name of the Vulnerable Software and Affected Versions: O2OA versions up to 10.0-410 Description: A cross-site scripting issue exists in O2OA’s Personal Profile Page. The issue is related to an unknown functionality of the file /x cms assemble control/jaxrs/design/appdict. The attack can be...

PT-2025-35352

Name of the Vulnerable Software and Affected Versions: O2OA versions up to 10.0-410 Description: A cross site scripting issue exists in O2OA up to version 10.0-410. The issue is related to an unknown functionality within the file /x cms assemble control/jaxrs/form of the Personal Profile Page...

CVE-2025-9658

A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /xportalassembledesigner/jaxrs/dict/ of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. Remote exploitation of the attack is possibl...

CVE-2025-9658 O2OA Personal Profile dict cross site scripting

A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /xportalassembledesigner/jaxrs/dict/ of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. Remote exploitation of the attack is possibl...

CVE-2025-9657

CVE-2025-9657 (O2OA) affects O2OA up to version 10.0-410, specifically the Personal Profile Page component. The vulnerability is a cross-site scripting flaw caused by improper processing of the file path /x_program_center/jaxrs/script where manipulation of the argument name/alias/description can ...

CVE-2025-9655

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /xorganizationassemblecontrol/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched...

PT-2025-35247

Name of the Vulnerable Software and Affected Versions: O2OA versions prior to 10.0-410 Description: A cross-site scripting issue exists in O2OA’s Personal Profile Page component. The issue is related to an unknown function within the /x portal assemble designer/jaxrs/widget file. Successful...

CVE-2020-10669

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the late...