CNNVD-202508-3676 Information
CNNVD ID
CNNVD-202508-3676
Related CVE
- CNNVD Published: 2025-08-30
Description (Chinese)
O2OA是O2OA开源的一款企业应用开发平台。 O2OA 10.0-410及之前版本存在安全漏洞,该漏洞源于文件/x_cms_assemble_control/jaxrs/design/appdict中参数的错误操作导致跨站脚本。
Description (English)
O2OA is an enterprise application development platform for O2OA open sources. The O2OA 10.0-410 and previous versions had a security loophole that originated from the error in the parameters in the file/x cms assemble control/jaxrs/design/appict resulting in a cross-site script.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
O2OA
Published
2025-08-30
Last Modified
2026-02-24
References
https://vuldb.com/?submit.637240 https://vuldb.com/?id.321894 https://vuldb.com/?ctiid.321894 https://github.com/o2oa/o2oa/issues/179#issuecomment-3212879970 https://github.com/o2oa/o2oa/issues/179#issue-3332951521 https://nvd.nist.gov/vuln/detail/CVE-2025-9682 https://access.redhat.com/security/cve/cve-2025-9682
Share on: