CVE-2025-9717
Published
CVSS v3
3.5
LOW
CVSS v2
4
MEDIUM
Affected
1
PROJECT
Description
A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelName leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used.
开源OA系统 - 码云GVP|Java开源oa|企业OA办公平台|企业OA|协同办公OA|流程平台OA|O2OA|OA,支持国产麒麟操作系统和国产数据库(达梦、人大金仓),政务OA,军工信息化OA
GitHub