CVE-2025-9719 – O2OA Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-9719

Published : Aug. 31, 2025, 6:15 a.m. | 44 minutes ago

Description : A weakness has been identified in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_processplatform_assemble_designer/jaxrs/script of the component Personal Profile Page. Executing manipulation of the argument name/alias/description/applicationName can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…