Low severity3.5NVD Advisory· Published Aug 31, 2025· Updated Apr 29, 2026
CVE-2025-9736
CVE-2025-9736
Description
A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_query_assemble_designer/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/o2oa/o2oa/issues/188nvdExploitIssue TrackingThird Party Advisory
- github.com/o2oa/o2oa/issues/188nvdExploitIssue TrackingThird Party Advisory
- github.com/o2oa/o2oa/issues/188nvdExploitIssue TrackingThird Party Advisory
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.