Vulnerability Description
A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_processplatform_assemble_designer/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zoneland | O2Oa | <= 10.0-410 |
Related Weaknesses (CWE)
References
- https://github.com/o2oa/o2oa/issues/182ExploitIssue Tracking
- https://github.com/o2oa/o2oa/issues/182#issue-3332970310ExploitIssue Tracking
- https://github.com/o2oa/o2oa/issues/182#issuecomment-3212879158ExploitIssue Tracking
- https://vuldb.com/?ctiid.322004Permissions RequiredVDB Entry
- https://vuldb.com/?id.322004Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.637244Third Party AdvisoryVDB Entry
- https://github.com/o2oa/o2oa/issues/182ExploitIssue Tracking
- https://github.com/o2oa/o2oa/issues/182#issue-3332970310ExploitIssue Tracking
- https://github.com/o2oa/o2oa/issues/182#issuecomment-3212879158ExploitIssue Tracking
FAQ
What is CVE-2025-9716?
CVE-2025-9716 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_processplatform_assemble_designer/jaxrs/form of the component Personal ...
How severe is CVE-2025-9716?
CVE-2025-9716 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9716?
Check the references section above for vendor advisories and patch information. Affected products include: Zoneland O2Oa.