CVE-2025-9658 in O2OAinfo

Zusammenfassung

von MITRE • 29.08.2025

A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /x_portal_assemble_designer/jaxrs/dict/ of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulDB

Veröffentlichung

29.08.2025

Moderieren

akzeptiert

Eintrag

VDB-321866

CPE

bereit

CWE

CWE-79 (bestätigt)

Exploit

Download

CVSS

5.4 (NVD)

EPSS

0.00078

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-9658
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-9658
CVE Details	https://www.cvedetails.com/cve/CVE-2025-9658/

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!