O2OA mpaka 10.0-410 Personal Profile Page table description/applicationName/queryName Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting)
| CVSS Obubonero bwa Meta Temp | Ekikadde ky’omuwendo gw’okukozesa obunafu obuliko kati (≈) | CTI Ennyanja y'okukwata ku nsonga |
|---|---|---|
| 4.1 | $0-$5k | 0.00 |
Okusumulula
Waliwo obulabe obwategekeddwa nga kizibu obuzuliddwa mu O2OA mpaka 10.0-410. Obulabe buli ku omugaso ogutamanyiddwa ku fayiro /x_query_assemble_designer/jaxrs/table ku kitundu Personal Profile Page. Okukozesa ku lugero description/applicationName/queryName kivirako Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting). Obunafu buno buzibwa nga CVE-2025-9735. Kisoboka okutandika okukola attack okuva wala. Okuddamu, waliwo ekikozesebwa ekiriwo. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Ebirimu
Waliwo obulabe obwategekeddwa nga kizibu obuzuliddwa mu O2OA mpaka 10.0-410. Obulabe buli ku omugaso ogutamanyiddwa ku fayiro /x_query_assemble_designer/jaxrs/table ku kitundu Personal Profile Page. Okukozesa ku lugero description/applicationName/queryName kivirako Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting). Okukozesa CWE okulaga ekizibu kireetera CWE-79. Obunafu buno bwateekebwawo nga 187. Ekiteeso kino kisangibwa ku mukutu ogusobola okuddownloadinga ku github.com.
Obunafu buno buzibwa nga CVE-2025-9735. Kisoboka okutandika okukola attack okuva wala. Obulambulukufu bw'eby'ekikugu buliwo. Obukadde bw'ensobi eno buli wansi w'ekigero ekisookerwako. Okuddamu, waliwo ekikozesebwa ekiriwo. Ekikozesebwa kyamanyiddwa mu bantu era kisobola okukozesebwa. Mu kiseera kino, omutengo ogw’akaseera ku kikozesebwa kiyinza okuba nga giri mu USD $0-$5k mu kiseera kino.
Kitegekeddwa nga ebikakasa eby'okukakasa obusobozi. Kisoboka okuddownloadinga exploit ku github.com.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Ekitundu
Erinnya
Enkola
Olupapula olw’omu mukutu
- Ekitundu: https://github.com/o2oa/o2oa/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Ekikunta: 🔒VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Ekikunta: 🔒
CVSSv3
VulDB Obubonero Obusookerwako Obw'enkizo: 4.1VulDB Obubonero bwa Meta Temp: 4.1
VulDB Obubonero Obusookerwako: 3.5
VulDB Obubonero bw’akaseera: 3.3
VulDB Ekikunta: 🔒
VulDB Reliability: 🔍
NVD Obubonero Obusookerwako: 5.4
NVD Ekikunta: 🔒
CNA Obubonero Obusookerwako: 3.5
CNA Ekikunta: 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Ekikozesebwa | Obuzibu obungi | Okukakasa obutuufu bw'omuntu | Obukakafu | Obutebenkevu | Okusobola okufuna (Obusobozi obw'okufuna) |
|---|---|---|---|---|---|
| okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
| okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
| okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
VulDB Obubonero Obusookerwako: 🔒
VulDB Obubonero bw’akaseera: 🔒
VulDB Reliability: 🔍
Okukozesa obunafu
Ekibiina: Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting)CWE: CWE-79 / CWE-94 / CWE-74
CAPEC: 🔒
ATT&CK: 🔒
Obulamu obw’omubiri: Nedda
Wansi wano: Nedda
Waliwo okuva wala: Wee
Okusobola okufuna (Obusobozi obw'okufuna): 🔒
Okuyingira: Bweru
Embeera: Ebikakasa eby'okukakasa obusobozi
Okukuba wansi: 🔒
EPSS Score: 🔒
EPSS Percentile: 🔒
Okukulaakulana kw'ebisale: 🔍
Okubala okw’ensimbi okw’akatono okuva mu kiseera kino: 🔒
| 0-Day | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
|---|---|---|---|---|
| Leero | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
Amagezi ku bulabe
Okukwata ku: 🔍Abakola abali mu kikolwa: 🔍
Ebibiina bya APT ebikola kaakano: 🔍
Ebyokukwata ku kwekuumira
Okukakasa: Tewali kikolebwa kimanyiddwaEmbeera: 🔍
Ekiseera kya 0-Day: 🔒
Ekiseera ekyayita
30/08/2025 Ebigambika bisiddwa ku lulwe.30/08/2025 VulDB enteree yakolebwa
05/09/2025 VulDB entry last update
Ebyokutwalira
Ekitundu: github.comOkukebereza: 187
Embeera: Kikakasiddwa
CVE: CVE-2025-9735 (🔒)
GCVE (CVE): GCVE-0-2025-9735
GCVE (VulDB): GCVE-100-322034
EUVD: 🔒
scip Labs: https://www.scip.ch/en/?labs.20161013
Okuyingiza
Kikolebwa: 30/08/2025 18:46Okukozesa enkola empya: 05/09/2025 22:59
Okukyuusa: 30/08/2025 18:46 (57), 31/08/2025 18:33 (30), 31/08/2025 21:54 (1), 05/09/2025 22:59 (11)
Kituufu ddala: 🔍
Owoleza: colorfullbz
Cache ID: 253:0DB:103
Twasiriza
Kikkiriziddwa
- Twasiriza #637249: o2oa ≤ 10.0-410-g3d5e0d2 XSS (kuva colorfullbz)
Tewali biragiddwaako kati. Enimi: lg + en.
Nsaba yingira mu akaawunti yo osobole okwogera.