Vulnerability Description
A vulnerability was found in O2OA up to 10.0-410. It affects unknown functionality of the file /x_cms_assemble_control/jaxrs/form in the Personal Profile Page component. Manipulation of this functionality results in cross-site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zoneland | O2Oa | <= 10.0-410 |
Related Weaknesses (CWE)
References
- https://github.com/o2oa/o2oa/issues/180 (Exploit, Issue Tracking, Vendor Advisory)
- https://github.com/o2oa/o2oa/issues/180#issue-3332965662 (Exploit, Issue Tracking, Vendor Advisory)
- https://github.com/o2oa/o2oa/issues/180#issuecomment-3212879749 (Exploit, Issue Tracking, Vendor Advisory)
- https://vuldb.com/?ctiid.321895 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.321895 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.637241 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2025-9683?
CVE-2025-9683 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_cms_assemble_control/jaxrs/form of the component Personal Profile Page. The manipu...
How severe is CVE-2025-9683?
CVE-2025-9683 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-9683?
Check the references section above for vendor advisories and patch information. Affected products include: Zoneland O2Oa.