CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Base · Stable · Likelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (22,695)

  • CVE-2025-9737 · Low · Aug 31, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /x_query_assemble_designer/jaxrs/importmodel of the component Personal Profile Page. Performing manipulation of the argument description/applicationName/queryName results in cross…

  • CVE-2025-9736 · Low · Aug 31, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_query_assemble_designer/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site…

  • CVE-2025-9735 · Low · Aug 31, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /x_query_assemble_designer/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting.…

  • CVE-2025-9734 · Low · Aug 31, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /x_query_assemble_designer/jaxrs/stat of the component Personal Profile Page. The manipulation of the argument name/alias/description/applicationName results in…

  • CVE-2025-9724 · Low · Aug 31, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was determined in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /intranet/educar_nivel_ensino_cad.php. Executing manipulation of the argument nm_nivel/descricao can lead to cross site scripting. The attack can be launched remotely.…

  • CVE-2025-9723 · Low · Aug 31, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_regime_cad.php. Performing manipulation of the argument nm_tipo results in cross site scripting. The attack can be initiated remotely. The exploit has…

  • CVE-2025-9722 · Low · Aug 31, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educar_tipo_ocorrencia_disciplinar_cad.php. Such manipulation of the argument nm_tipo/descricao leads to cross site scripting. It is possible to…

  • CVE-2025-9721 · Low · Aug 31, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The…

  • CVE-2025-9720 · Low · Aug 31, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross site scripting. The…

  • CVE-2025-9719 · Low · Aug 31, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A weakness has been identified in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_processplatform_assemble_designer/jaxrs/script of the component Personal Profile Page. Executing manipulation of the argument name/alias/description/applicationName can…

  • CVE-2025-9718 · Low · Aug 31, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A security flaw has been discovered in O2OA up to 10.0-410. This affects an unknown part of the file /x_processplatform_assemble_designer/jaxrs/process of the component Personal Profile Page. Performing manipulation of the argument name/alias results in cross site scripting.…

  • CVE-2025-9717 · Low · Aug 31, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/p…

  • CVE-2025-9716 · Low · Aug 31, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_processplatform_assemble_designer/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes…

  • CVE-2025-9715 · Low · Aug 31, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_cms_assemble_control/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack can be…

  • CVE-2025-9683 · Low · Aug 30, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_cms_assemble_control/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely.…

  • CVE-2025-9682 · Low · Aug 30, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. The attack may be…

  • CVE-2025-9681 · Low · Aug 30, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been…

  • CVE-2025-9680 · Low · Aug 30, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be initiated remotely. The…

  • CVE-2025-9659 · Low · Aug 29, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /x_portal_assemble_designer/jaxrs/widget of the component Personal Profile Page. Such manipulation leads to cross site scripting. The attack can be executed remotely.…

  • CVE-2025-9658 · Low · Aug 29, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /x_portal_assemble_designer/jaxrs/dict/ of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. Remote exploitation of…