CVE-2025-9734
BaseFortify
Publication date: 2025-08-31
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zoneland | o2oa | up to 10.0-410 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9734 is a stored cross-site scripting (XSS) vulnerability in the O2OA application up to version 10.0-410. It occurs in the Personal Profile Page component at the endpoint `/x_query_assemble_designer/jaxrs/stat`. The vulnerability arises because user input in profile fields such as name, alias, description, and applicationName is not properly sanitized before being stored and later rendered. This allows attackers to inject malicious JavaScript code that executes whenever the affected data is viewed, potentially compromising user sessions or performing unauthorized actions. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can lead to persistent execution of malicious JavaScript in users' browsers when they view affected profile data. The impact includes theft of session tokens or sensitive user data and unauthorized actions performed on behalf of authenticated users. Since the attack can be launched remotely and relies on user interaction, it poses a risk of compromising user accounts and data integrity. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the vulnerable endpoint `/x_query_assemble_designer/jaxrs/stat` for stored cross-site scripting (XSS) by sending crafted POST requests with malicious JavaScript payloads in the user-controllable fields such as name, alias, description, and applicationName. For example, you can use curl to send a JSON payload containing a script or an HTML tag with an onerror event to check if the input is stored and executed when viewed. Example command:

```
curl -X POST -H "Content-Type: application/json" -d '{"name":"<img src=x onerror=alert(1)>","alias":"test","description":"desc","applicationName":"app"}' http://target/x_query_assemble_designer/jaxrs/stat
```

Monitoring web application logs for suspicious input patterns or unexpected script execution in user profiles can also help detect exploitation attempts. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing input filtering and escaping for all user-supplied profile fields before storage, and ensuring proper output encoding when rendering this data in the application interface to prevent execution of malicious scripts. Since no official patch is currently available, consider restricting access to the vulnerable endpoint, disabling the affected functionality if possible, or replacing the affected product. Monitoring for exploitation attempts and educating users about the risk can also help reduce impact until a fixed version is released. [2, 3]
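
The output-encoding and monitoring steps above, sketched as an added example that is not O2OA's own code: it audits stored records for markup in the four fields the advisory names and HTML-encodes them before rendering. The record shape, the function names and the sample records are assumptions constructed for illustration.

```javascript
// Added example, not O2OA code. Field names come from the advisory;
// the record shape and function names are assumptions for illustration.
const PROFILE_FIELDS = ["name", "alias", "description", "applicationName"];

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for an HTML text or quoted-attribute context.
function encodeHtml(value) {
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Return a copy of the record that is safe to interpolate into HTML.
function encodeRecord(record) {
  const out = { ...record };
  for (const field of PROFILE_FIELDS) {
    if (field in out) out[field] = encodeHtml(out[field]);
  }
  return out;
}

// Flag already-stored values that contain markup: a tag opener,
// an inline event-handler attribute, or a javascript: URL.
// Matches are candidates for manual review, not proof of exploitation.
const SUSPICIOUS = /<\s*\/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:/i;

function auditRecords(records) {
  const findings = [];
  for (const record of records) {
    for (const field of PROFILE_FIELDS) {
      const value = record[field];
      if (typeof value === "string" && SUSPICIOUS.test(value)) {
        findings.push({ id: record.id, field });
      }
    }
  }
  return findings;
}

// Constructed sample data (not taken from a real system).
const SAMPLE_RECORDS = [
  { id: "r1", name: "Monthly report", alias: "monthly", description: "Sales & returns", applicationName: "crm" },
  { id: "r2", name: "<img src=x onerror=alert(1)>", alias: "test", description: "desc", applicationName: "app" },
];

console.log(auditRecords(SAMPLE_RECORDS));
console.log(encodeRecord(SAMPLE_RECORDS[1]).name);
```

Encoding at render time neutralizes values that were stored before any input filter existed, which is why the audit and the encoder are paired here.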