O2OA har 10.0-410 Personal Profile Page widget Cross Site Scripting

Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin O2OA har 10.0-410. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, /x_portal_assemble_designer/jaxrs/widget na cikin fayil, Personal Profile Page na cikin sashi. Ngam manipulation shi Cross Site Scripting. CWE shidin ka a yi bayani matsala sai ya kai CWE-79. Gaskiya, laifi an fitar da shi 08/29/2025 a matsayin 175. Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2025-9659. Ngam yiɗi ka a tuma ndiyam ka nder waya. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a github.com. Kama 0-day, an ndiyam a wuro be $0-$5k. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

4 Goyarwa · 99 Datenpunkte

FurɗeSúgá
08/29/2025 09:16		Gargadi 1/3
08/29/2025 09:18		Gargadi 2/3
08/29/2025 12:50		Gargadi 3/3
09/17/2025 00:53
cvss3_vuldb_aNNNN
cvss3_vuldb_ePPPP
cvss3_vuldb_rcCCCC
advisory_identifier175175175175
advisory_urlhttps://github.com/o2oa/o2oa/issues/175https://github.com/o2oa/o2oa/issues/175https://github.com/o2oa/o2oa/issues/175https://github.com/o2oa/o2oa/issues/175
advisory_confirm_urlhttps://github.com/o2oa/o2oa/issues/175#issuecomment-3212881171https://github.com/o2oa/o2oa/issues/175#issuecomment-3212881171https://github.com/o2oa/o2oa/issues/175#issuecomment-3212881171https://github.com/o2oa/o2oa/issues/175#issuecomment-3212881171
exploit_availability1111
exploit_publicity1111
exploit_urlhttps://github.com/o2oa/o2oa/issues/175#issue-3332931249https://github.com/o2oa/o2oa/issues/175#issue-3332931249https://github.com/o2oa/o2oa/issues/175#issue-3332931249https://github.com/o2oa/o2oa/issues/175#issue-3332931249
source_cveCVE-2025-9659CVE-2025-9659CVE-2025-9659CVE-2025-9659
cna_responsibleVulDBVulDBVulDBVulDB
response_summaryThe vendor replies in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version"The vendor replies in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version"The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
cvss2_vuldb_avNNNN
cvss2_vuldb_acLLLL
cvss2_vuldb_ciNNNN
cvss2_vuldb_iiPPPP
cvss2_vuldb_aiNNNN
cvss2_vuldb_ePOCPOCPOCPOC
cvss2_vuldb_rcCCCC
cvss4_vuldb_avNNNN
cvss4_vuldb_acLLLL
cvss4_vuldb_prLLLL
cvss4_vuldb_uiPPPP
cvss4_vuldb_vcNNNN
cvss4_vuldb_viLLLL
cvss4_vuldb_vaNNNN
cvss4_vuldb_ePPPP
cvss2_vuldb_auSSSS
cvss2_vuldb_rlNDNDNDND
cvss3_vuldb_rlXXXX
cvss4_vuldb_atNNNN
cvss4_vuldb_scNNNN
cvss4_vuldb_siNNNN
cvss4_vuldb_saNNNN
cvss2_vuldb_basescore4.04.04.04.0
cvss2_vuldb_tempscore3.63.63.63.6
cvss3_vuldb_basescore3.53.53.53.5
cvss3_vuldb_tempscore3.33.33.33.3
cvss3_meta_basescore3.53.53.54.1
cvss3_meta_tempscore3.33.33.34.1
cvss4_vuldb_bscore5.15.15.15.1
cvss4_vuldb_btscore2.02.02.02.0
advisory_date1756418400 (08/29/2025)1756418400 (08/29/2025)1756418400 (08/29/2025)1756418400 (08/29/2025)
price_0day$0-$5k$0-$5k$0-$5k$0-$5k
software_nameo2oaO2OAO2OAO2OA
software_version<=10.0-410<=10.0-410<=10.0-410<=10.0-410
software_componentPersonal Profile PagePersonal Profile PagePersonal Profile PagePersonal Profile Page
software_file/x_portal_assemble_designer/jaxrs/widget/x_portal_assemble_designer/jaxrs/widget/x_portal_assemble_designer/jaxrs/widget/x_portal_assemble_designer/jaxrs/widget
vulnerability_cweCWE-79 (Cross Site Scripting)CWE-79 (Cross Site Scripting)CWE-79 (Cross Site Scripting)CWE-79 (Cross Site Scripting)
vulnerability_risk1111
cvss3_vuldb_avNNNN
cvss3_vuldb_acLLLL
cvss3_vuldb_prLLLL
cvss3_vuldb_uiRRRR
cvss3_vuldb_sUUUU
cvss3_vuldb_cNNNN
cvss3_vuldb_iLLLL
cve_nvd_summaryA vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /x_portal_assemble_designer/jaxrs/widget of the component Personal Profile Page. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prL
cvss4_cna_uiP
cvss4_cna_vcN
cvss4_cna_viL
cvss4_cna_vaN
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore5.1
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiR
cvss3_cna_sU
cvss3_cna_cN
cvss3_cna_iL
cvss3_cna_aN
cvss3_cna_basescore3.5
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prL
cvss3_nvd_uiR
cvss3_nvd_sC
cvss3_nvd_cL
cvss3_nvd_iL
cvss3_nvd_aN
cvss3_nvd_basescore5.4
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auS
cvss2_cna_ciN
cvss2_cna_iiP
cvss2_cna_aiN
cvss2_cna_basescore4

GurɗoGumtiGada

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!