Metrics
Affected Vendors & Products
Tue, 02 Sep 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Sat, 30 Aug 2025 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version." | |
Title | O2OA Personal Profile agent cross site scripting | |
Weaknesses | CWE-79 CWE-94 |
|
References |
| |
Metrics |
cvssV2_0
|

Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2025-09-02T15:19:20.828Z
Reserved: 2025-08-29T10:49:37.919Z
Link: CVE-2025-9681

Updated: 2025-09-02T14:53:33.105Z

Status : Awaiting Analysis
Published: 2025-08-30T09:15:34.970
Modified: 2025-09-02T16:15:41.733
Link: CVE-2025-9681

No data.

No data.