CVE-2025-9717

Medium CVSS: 5.1

A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelName leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used.

Vendor

Zoneland

Product

O2oa

CWE

CWE-79

Yayın Tarihi

2025-08-31 05:15:33

Güncelleme

2025-09-09 19:11:31

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 O2oa MEDIUM Zoneland 2025

Referanslar

https://github.com/o2oa/o2oa/issues/183 https://github.com/o2oa/o2oa/issues/183#issue-3332973239 https://vuldb.com/?ctiid.322005 https://vuldb.com/?id.322005 https://vuldb.com/?submit.637245 https://github.com/o2oa/o2oa/issues/183 https://github.com/o2oa/o2oa/issues/183#issue-3332973239

Benzer Kayıtlar

Medium

CVE-2026-2074

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs…

Medium

CVE-2025-9737

A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /x_query_assemble_desig…

Medium

CVE-2025-9735

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /x_query_assemble_de…

Medium

CVE-2025-9736

A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_query…

Medium

CVE-2025-9734

A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /x_q…

Medium

CVE-2025-9718

A security flaw has been discovered in O2OA up to 10.0-410. This affects an unknown part of the file /x_processplatform_…