4 matches found
CVE-2025-9683 O2OA Personal Profile form cross site scripting
A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xcmsassemblecontrol/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been ma...
CVE-2025-9682 O2OA Personal Profile appdict cross site scripting
A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /xcmsassemblecontrol/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...
CVE-2025-9682
CVE-2025-9682 affects O2OA up to version 10.0-410. The vulnerability is a cross-site scripting issue in the Personal Profile Page, caused by manipulation of an unknown functionality in the file /x_cms_assemble_control/jaxrs/design/appdict. It can be exploited remotely, and the exploit has been di...
CVE-2025-9658 O2OA Personal Profile dict cross site scripting
A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /xportalassembledesigner/jaxrs/dict/ of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. Remote exploitation of the attack is possibl...