O2OA har 10.0-410 Personal Profile Page appdict Cross Site Scripting

Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin O2OA har 10.0-410. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, /x_cms_assemble_control/jaxrs/design/appdict na cikin fayil, Personal Profile Page na cikin sashi. Ngam manipulation shi Cross Site Scripting. CWE shidin ka a yi bayani matsala sai ya kai CWE-79. Gaskiya, laifi an fitar da shi 08/29/2025 a matsayin 179. Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2025-9682. Ngam yiɗi ka a tuma ndiyam ka nder layi. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a github.com. Kama 0-day, an ndiyam a wuro be $0-$5k. VulDB is the best source for vulnerability data and more expert information about this specific topic.

3 Goyarwa · 98 Datenpunkte

FurɗeSúgá
08/29/2025 12:55		Gargadi 1/2
08/30/2025 14:47		Gargadi 2/2
09/10/2025 19:22
software_nameO2OAO2OAO2OA
software_version<=10.0-410<=10.0-410<=10.0-410
software_componentPersonal Profile PagePersonal Profile PagePersonal Profile Page
software_file/x_cms_assemble_control/jaxrs/design/appdict/x_cms_assemble_control/jaxrs/design/appdict/x_cms_assemble_control/jaxrs/design/appdict
vulnerability_cweCWE-79 (Cross Site Scripting)CWE-79 (Cross Site Scripting)CWE-79 (Cross Site Scripting)
vulnerability_risk111
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_vuldb_ePPP
cvss3_vuldb_rcCCC
advisory_identifier179179179
advisory_urlhttps://github.com/o2oa/o2oa/issues/179https://github.com/o2oa/o2oa/issues/179https://github.com/o2oa/o2oa/issues/179
advisory_confirm_urlhttps://github.com/o2oa/o2oa/issues/179#issuecomment-3212879970https://github.com/o2oa/o2oa/issues/179#issuecomment-3212879970https://github.com/o2oa/o2oa/issues/179#issuecomment-3212879970
exploit_availability111
exploit_publicity111
exploit_urlhttps://github.com/o2oa/o2oa/issues/179#issue-3332951521https://github.com/o2oa/o2oa/issues/179#issue-3332951521https://github.com/o2oa/o2oa/issues/179#issue-3332951521
source_cveCVE-2025-9682CVE-2025-9682CVE-2025-9682
cna_responsibleVulDBVulDBVulDB
response_summaryThe vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcCCC
cvss4_vuldb_avNNN
cvss4_vuldb_acLLL
cvss4_vuldb_prLLL
cvss4_vuldb_uiPPP
cvss4_vuldb_vcNNN
cvss4_vuldb_viLLL
cvss4_vuldb_vaNNN
cvss4_vuldb_ePPP
cvss2_vuldb_auSSS
cvss2_vuldb_rlNDNDND
cvss3_vuldb_rlXXX
cvss4_vuldb_atNNN
cvss4_vuldb_scNNN
cvss4_vuldb_siNNN
cvss4_vuldb_saNNN
cvss2_vuldb_basescore4.04.04.0
cvss2_vuldb_tempscore3.63.63.6
cvss3_vuldb_basescore3.53.53.5
cvss3_vuldb_tempscore3.33.33.3
cvss3_meta_basescore3.53.54.1
cvss3_meta_tempscore3.33.44.1
cvss4_vuldb_bscore5.15.15.1
cvss4_vuldb_btscore2.02.02.0
advisory_date1756418400 (08/29/2025)1756418400 (08/29/2025)1756418400 (08/29/2025)
price_0day$0-$5k$0-$5k$0-$5k
cve_nvd_summaryA vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
cvss4_cna_avNN
cvss4_cna_acLL
cvss4_cna_atNN
cvss4_cna_prLL
cvss4_cna_uiPP
cvss4_cna_vcNN
cvss4_cna_viLL
cvss4_cna_vaNN
cvss4_cna_scNN
cvss4_cna_siNN
cvss4_cna_saNN
cvss4_cna_bscore5.15.1
cvss3_cna_avNN
cvss3_cna_acLL
cvss3_cna_prLL
cvss3_cna_uiRR
cvss3_cna_sUU
cvss3_cna_cNN
cvss3_cna_iLL
cvss3_cna_aNN
cvss3_cna_basescore3.53.5
cvss2_cna_avNN
cvss2_cna_acLL
cvss2_cna_auSS
cvss2_cna_ciNN
cvss2_cna_iiPP
cvss2_cna_aiNN
cvss2_cna_basescore44
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prL
cvss3_nvd_uiR
cvss3_nvd_sC
cvss3_nvd_cL
cvss3_nvd_iL
cvss3_nvd_aN
cvss3_nvd_basescore5.4

GurɗoGumtiGada

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!