CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/08/31 1:10 p.m.•4 views

CVE-2025-9646

A security flaw has been discovered in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /xorganizationassemblepersonal/jaxrs/definition/calendarConfig. The manipulation of the argument toMonthViewName results in cross site scripting. The attack can be launched remotely. Th...

5.4CVSS3.9AI score0.00245EPSS

Exploits1References1

NVD•added 2025/08/31 6:15 a.m.•3 views

CVE-2025-9718

A security flaw has been discovered in O2OA up to 10.0-410. This affects an unknown part of the file /xprocessplatformassembledesigner/jaxrs/process of the component Personal Profile Page. Performing manipulation of the argument name/alias results in cross site scripting. Remote exploitation of t...

5.4CVSS0.00301EPSS

Cvelist•added 2025/08/31 6:2 a.m.•9 views

CVE-2025-9719 O2OA Personal Profile script cross site scripting

A weakness has been identified in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /xprocessplatformassembledesigner/jaxrs/script of the component Personal Profile Page. Executing manipulation of the argument name/alias/description/applicationName can lead to cross site...

5.1CVSS0.00238EPSS

Exploits1References5

OSV•added 2025/08/31 5:15 a.m.•1 views

CVE-2025-9717

A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xorganizationassemblecontrol/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelNa...

5.4CVSS3.9AI score0.00238EPSS

Exploits1References5

NVD•added 2025/08/31 5:15 a.m.•4 views

CVE-2025-9716

A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /xprocessplatformassembledesigner/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting...

5.4CVSS0.00279EPSS

OSV•added 2025/08/31 5:15 a.m.•3 views

CVE-2025-9716

5.4CVSS4AI score0.00279EPSS

CVE•added 2025/08/31 5:2 a.m.•16 views

CVE-2025-9717

CVE-2025-9717 affects O2OA up to version 10.0-410, specifically the Personal Profile Page component. The vulnerability stems from cross-site scripting in the file path /x_organization_assemble_control/jaxrs/unit/, where manipulation of arguments such as name, shortName, distinguishedName, pinyin,...

5.4CVSS4AI score0.00238EPSS

Exploits1References5Affected Software1

Cvelist•added 2025/08/31 4:32 a.m.•9 views

CVE-2025-9716 O2OA Personal Profile form cross site scripting

5.1CVSS0.00279EPSS

Vulnrichment•added 2025/08/31 4:32 a.m.•2 views

CVE-2025-9716 O2OA Personal Profile form cross site scripting

5.1CVSS5.5AI score0.00279EPSS

CVE•added 2025/08/31 12:2 a.m.•16 views

CVE-2025-9715

CVE-2025-9715 affects O2OA up to version 10.0-410, specifically the Personal Profile Page component. The vulnerability is a cross-site scripting (XSS) flaw in an unknown function within the file /x_cms_assemble_control/jaxrs/script, triggered by manipulating the name/alias/description arguments. ...

5.4CVSS3.9AI score0.00295EPSS

Exploits1References6Affected Software1

CNNVD•added 2025/08/31 12:0 a.m.•4 views

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from a cross-site scripting attack due to incorrect manipulation of the parameter description/applicationName/queryName in the file...

5.4CVSS4.3AI score0.00302EPSS

5.4CVSS4.3AI score0.00301EPSS

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from cross-site scripting due to incorrect manipulation of the parameter name/alias in the file...

5.4CVSS4.4AI score0.00238EPSS

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from incorrect manipulation of the parameter name/alias/description/applicationName in the file...

5.4CVSS4.3AI score0.00244EPSS

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which originates from a cross-site scripting due to incorrect manipulation of the parameters description/applicationName/queryName in the file...

5.4CVSS4.3AI score0.00302EPSS

O2OA 安全漏洞

5.4CVSS4.3AI score0.00302EPSS

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA version 10.0-410 and earlier, which stems from a cross-site scripting attack due to incorrect manipulation of the parameter description/queryName in the file...

CNNVD•added 2025/08/31 12:0 a.m.•4 views

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA open source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from a cross-site scripting caused by incorrect manipulation of the parameters name/alias/description in the file...

5.4CVSS4.3AI score0.00279EPSS