ByteOS Network

NVD Vulnerability Details :

CVE-2025-9659

Awaiting Analysis

Source-cna@vuldb.com

Published At-29 Aug, 2025 | 16:15

Updated At-29 Aug, 2025 | 16:24

A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /x_portal_assemble_designer/jaxrs/widget of the component Personal Profile Page. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.1	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	3.5	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Secondary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:N

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	cna@vuldb.com
CWE-94	Primary	cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/o2oa/o2oa/issues/175	cna@vuldb.com	N/A
https://github.com/o2oa/o2oa/issues/175#issue-3332931249	cna@vuldb.com	N/A
https://github.com/o2oa/o2oa/issues/175#issuecomment-3212881171	cna@vuldb.com	N/A
https://vuldb.com/?ctiid.321867	cna@vuldb.com	N/A
https://vuldb.com/?id.321867	cna@vuldb.com	N/A
https://vuldb.com/?submit.637235	cna@vuldb.com	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History