CVE-2025-9734
O2OA up to version 10.0-410 contains a cross-site scripting vulnerability in the Personal Profile Page component, triggered by manipulating the name/alias/description/applicationName arguments in the file path /x_query_assemble_designer/jaxrs/stat. The issue is exploitable remotely and, per sourc...