CVE-2025-9736 – O2OA Cross-Site Scripting Vulnerability

August 31, 2025

CVE ID : CVE-2025-9736

Published : Aug. 31, 2025, 4:15 p.m. | 9 hours, 12 minutes ago

Description : A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_query_assemble_designer/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.”

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-9737 – O2OA Cross-Site Scripting Vulnerability

Next Article CVE-2025-9735 – O2OA Cross-Site Scripting Vulnerability

Highlights

CVE-2025-4002 – Apache RefindPlus Local Null Pointer Dereference Vulnerability

April 28, 2025

CVE ID : CVE-2025-4002

Published : April 28, 2025, 5:15 a.m. | 3 hours, 13 minutes ago

Description : A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2. It is recommended to apply a patch to fix this issue.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Look out, Meta Ray-Bans! These AI glasses just raised over $1M in pre-orders in 3 days

Samsung ‘Galaxy Glasses’ powered by Android XR are reportedly on track to be unveiled this month

The M4 iPad Pro is discounted $100 as a last-minute Labor Day deal

Distribution Release: Linux From Scratch 12.4

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

August report 2025

Fake News Detection using Python Machine Learning (ML)

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Download Transcribe! for Windows

Microsoft Fixes CertificateServicesClient (CertEnroll) Error in Windows 11

CVE-2025-9736 – O2OA Cross-Site Scripting Vulnerability

Hacker suspected of trying to cheat his way into university is arrested in Spain

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

CVE-2025-0092 – Google Android Bond Permission Bypass

pottery studio in ras al khaimah

CVE-2025-4795 – Gongfuxiang SchoolCMS SQL Injection Vulnerability

Best early Prime Day Kindle deals: My 6 favorite sales live now

CVE-2025-4002 – Apache RefindPlus Local Null Pointer Dereference Vulnerability

CVE-2025-41651 – Cisco Device Remote Command Execution Vulnerability

Google Photos just put all its best editing tools a tap away – here’s the shortcut

Apple is making a cheap MacBook — that’s bad news for Windows

CVE-2025-9736 – O2OA Cross-Site Scripting Vulnerability

Related Posts