CNNVD-202508-3730 Information
CNNVD ID
CNNVD-202508-3730
Related CVE
- CNNVD Published: 2025-08-31
Description (Chinese)
O2OA是O2OA开源的一款企业应用开发平台。 O2OA 10.0-410及之前版本存在安全漏洞,该漏洞源于对文件/x_cms_assemble_control/jaxrs/script中参数name/alias/description的错误操作导致跨站脚本。
Description (English)
O2OA is an enterprise application development platform for O2OA open sources. The O2OA 10.0-410 and previous versions contain a security loophole that results from an error in the use of the parameter name/lias/description in the document/x cms assemble control/jaxrs/script.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
O2OA
Published
2025-08-31
Last Modified
2026-02-24
References
https://vuldb.com/?submit.637243 https://vuldb.com/?id.322003 https://vuldb.com/?ctiid.322003 https://github.com/o2oa/o2oa/issues/181#issuecomment-3212879547 https://github.com/o2oa/o2oa/issues/181#issue-3332967944 https://access.redhat.com/security/cve/cve-2025-9715 https://nvd.nist.gov/vuln/detail/CVE-2025-9715
Share on: