CNNVD-202508-3558 Information
CNNVD ID
CNNVD-202508-3558
Related CVE
- CNNVD Published: 2025-08-29
Description (Chinese)
O2OA是O2OA开源的一款企业应用开发平台。 O2OA 10.0-410及之前版本存在安全漏洞,该漏洞源于文件/x_portal_assemble_designer/jaxrs/dict/中参数name/alias/description的错误操作导致跨站脚本。
Description (English)
O2OA is an enterprise application development platform for O2OA open sources. The O2OA 10.0-410 and previous versions had a security loophole, which originated from the error of the file/x portal assemble designer/jaxrs/dict/modename/lias/description resulting in a cross-site script.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
O2OA
Published
2025-08-29
Last Modified
2026-02-24
References
https://vuldb.com/?submit.637221 https://vuldb.com/?id.321866 https://vuldb.com/?ctiid.321866 https://github.com/o2oa/o2oa/issues/174#issuecomment-3212881333 https://github.com/o2oa/o2oa/issues/174#issue-3332928772 https://access.redhat.com/security/cve/cve-2025-9658 https://nvd.nist.gov/vuln/detail/CVE-2025-9658
Share on: