CNNVD-202508-3573 Information

Aug 29, 2025 cve

CNNVD ID

CNNVD-202508-3573

CVE-2025-9646

CNNVD Published: 2025-08-29

Description (Chinese)

O2OA是O2OA开源的一款企业应用开发平台。 O2OA 10.0-410及之前版本存在安全漏洞，该漏洞源于文件/x_organization_assemble_personal/jaxrs/definition/calendarConfig中参数toMonthViewName的错误操作导致跨站脚本。

Description (English)

O2OA is an enterprise application development platform for O2OA open sources. A security loophole exists in O2OA 10.0-410 and earlier versions, which stems from the error in the parameters in file/x organization assemble personal/jaxrs/definition/calendarConfig tomonthViewName resulting in a cross-site script.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

O2OA

Published

2025-08-29

Last Modified

2026-02-24

References

https://vuldb.com/?submit.636625 https://vuldb.com/?id.321853 https://vuldb.com/?ctiid.321853 https://github.com/o2oa/o2oa/issues/170#issuecomment-3212894835 https://github.com/o2oa/o2oa/issues/170#issue-3328947938 https://access.redhat.com/security/cve/cve-2025-9646 https://nvd.nist.gov/vuln/detail/CVE-2025-9646

Share on: