CVE-2025-9683 O2OA Personal Profile form cross site scripting

A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xcmsassemblecontrol/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been ma...

CVE-2025-9682

CVE-2025-9682 affects O2OA up to version 10.0-410. The vulnerability is a cross-site scripting issue in the Personal Profile Page, caused by manipulation of an unknown functionality in the file /x_cms_assemble_control/jaxrs/design/appdict. It can be exploited remotely, and the exploit has been di...

CVE-2025-9682 O2OA Personal Profile appdict cross site scripting

A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /xcmsassemblecontrol/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...

CVE-2025-9682 O2OA Personal Profile appdict cross site scripting

A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /xcmsassemblecontrol/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...

CVE-2025-9681 O2OA Personal Profile agent cross site scripting

A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /xprogramcenter/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be use...

CVE-2025-9680

A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /xportalassembledesigner/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be initiated remotely. The exploit is now public an...

CVE-2025-9680

A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /xportalassembledesigner/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be initiated remotely. The exploit is now public an...

CVE-2025-9680 O2OA Personal Profile page cross site scripting

A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /xportalassembledesigner/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be initiated remotely. The exploit is now public an...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA open source. A security vulnerability exists in O2OA version 10.0-410 and earlier, which originates from cross-site scripting due to incorrect manipulation of parameters in the file /xcmsassemblecontrol/jaxrs/form...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA open source. A security vulnerability exists in O2OA version 10.0-410 and earlier, which originates from cross-site scripting due to incorrect manipulation of parameters in the file /xprogramcenter/jaxrs/agent...

CVE-2025-9659

A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /xportalassembledesigner/jaxrs/widget of the component Personal Profile Page. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been...

CVE-2025-9659 O2OA Personal Profile widget cross site scripting

A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /xportalassembledesigner/jaxrs/widget of the component Personal Profile Page. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been...

CVE-2025-9658 O2OA Personal Profile dict cross site scripting

A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /xportalassembledesigner/jaxrs/dict/ of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. Remote exploitation of the attack is possibl...

CVE-2025-9657 O2OA Personal Profile script cross site scripting

A vulnerability was detected in O2OA up to 10.0-410. This issue affects some unknown processing of the file /xprogramcenter/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack may be launched...

CVE-2025-9657 O2OA Personal Profile script cross site scripting

A vulnerability was detected in O2OA up to 10.0-410. This issue affects some unknown processing of the file /xprogramcenter/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack may be launched...

CVE-2025-9657

CVE-2025-9657 (O2OA) affects O2OA up to version 10.0-410, specifically the Personal Profile Page component. The vulnerability is a cross-site scripting flaw caused by improper processing of the file path /x_program_center/jaxrs/script where manipulation of the argument name/alias/description can ...

CVE-2025-9655 O2OA Personal Profile person cross site scripting

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /xorganizationassemblecontrol/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched...

CVE-2025-9655

CVE-2025-9655 affects O2OA up to version 10.0-410, specifically the Personal Profile Page component. The issue arises from manipulating the Description argument in the /x_organization_assemble_control/jaxrs/person/ file, enabling cross-site scripting. Exploitation can be performed remotely. Vendo...

CVE-2025-9655 O2OA Personal Profile person cross site scripting

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /xorganizationassemblecontrol/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which originates from cross-site scripting due to incorrect operation of the parameter toMonthViewName in the file...