Unrated severityNVD Advisory· Published Aug 29, 2025· Updated Aug 29, 2025

O2OA Personal Profile person cross site scripting

CVE-2025-9655

Description

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /x_organization_assemble_control/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched remotely. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

Affected products

O2OA/O2OAdescription
O2oa/O2oallm-fuzzy
Range: <=10.0-410

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

vuldb.commitrethird-party-advisory
github.com/o2oa/o2oa/issues/172mitreissue-tracking
github.com/o2oa/o2oa/issues/172mitreissue-tracking
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000