CNNVD-202508-3706 Information

CNNVD ID

CNNVD-202508-3706

Related CVE

CVE-2025-9737

• CNNVD Published: 2025-08-31

Description (Chinese)

O2OA是O2OA开源的一款企业应用开发平台。 O2OA 10.0-410及之前版本存在安全漏洞，该漏洞源于对文件/x_query_assemble_designer/jaxrs/importmodel中参数description/applicationName/queryName的错误操作导致跨站脚本攻击。

Description (English)

O2OA is an enterprise application development platform for O2OA open sources. There is a security loophole in O2OA 10.0-410 and earlier versions, which stems from an error in the use of the parameter in file/x query assemble designer/jaxrs/importmode that resulted in a cross-stop script attack.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

O2OA

Published

2025-08-31

Last Modified

2026-02-24

References

https://github.com/o2oa/o2oa/issues/189#issuecomment-3212649984 https://github.com/o2oa/o2oa/issues/189#issue-3332991019 https://vuldb.com/?submit.637251 https://vuldb.com/?id.322036 https://vuldb.com/?ctiid.322036 https://access.redhat.com/security/cve/cve-2025-9737 https://nvd.nist.gov/vuln/detail/CVE-2025-9737