CVE-2025-9735 – O2OA Cross-Site Scripting Vulnerability

August 31, 2025

CVE ID : CVE-2025-9735

Published : Aug. 31, 2025, 4:15 p.m. | 9 hours, 12 minutes ago

Description : A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /x_query_assemble_designer/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.”

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-9736 – O2OA Cross-Site Scripting Vulnerability

Next Article CVE-2025-9734 – O2OA Cross-Site Scripting Vulnerability

Highlights

CVE-2025-3483 – MedDream PACS Server DICOM File Parsing Remote Code Execution Vulnerability

May 22, 2025

CVE ID : CVE-2025-3483

Published : May 22, 2025, 1:15 a.m. | 1 hour, 44 minutes ago

Description : MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25825.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Look out, Meta Ray-Bans! These AI glasses just raised over $1M in pre-orders in 3 days

Samsung ‘Galaxy Glasses’ powered by Android XR are reportedly on track to be unveiled this month

The M4 iPad Pro is discounted $100 as a last-minute Labor Day deal

Distribution Release: Linux From Scratch 12.4

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

August report 2025

Fake News Detection using Python Machine Learning (ML)

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Download Transcribe! for Windows

Download Icecream Ebook Reader for Free on PC

CVE-2025-9735 – O2OA Cross-Site Scripting Vulnerability

Hacker suspected of trying to cheat his way into university is arrested in Spain

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

CVE-2025-6974 – SOLIDWORKS eDrawings Uninitialized Variable Code Execution Vulnerability

CVE-2024-38823 – Salt Replays

Final Fantasy Tactics: The Ivalice Chronicles has been revealed for Xbox and PC, along with a release date

How to Add Custom Style Variations to WordPress Blocks

CVE-2025-3483 – MedDream PACS Server DICOM File Parsing Remote Code Execution Vulnerability

CVE-2025-46347 – YesWiki Remote Code Execution Vulnerability

CVE-2025-48060 – jq Heap Buffer Overflow Vulnerability

CVE-2025-34043 – Vacron Network Video Recorder (NVR) Remote Command Injection Vulnerability

CVE-2025-9735 – O2OA Cross-Site Scripting Vulnerability

Related Posts