CVE-2025-9735
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-31

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /x_query_assemble_designer/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-31
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-31
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9735
EUVD
EUVD-2025-26301
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zoneland o2oa to 10.0-410 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9735 is a stored cross-site scripting (XSS) vulnerability in the o2oa application (up to version 10.0-410) affecting the Personal Profile Page component. It occurs because user inputs in fields like description, applicationName, and queryName are not properly sanitized before being stored and later rendered. This allows attackers to inject malicious JavaScript code that executes in other users' browsers when they view the affected data, potentially compromising user sessions and data integrity. [1, 2, 3]

Impact Analysis

This vulnerability can lead to persistent execution of malicious JavaScript in the browsers of users who view the affected profile data. The impact includes theft of session tokens, exposure of sensitive user data, and unauthorized actions performed on behalf of authenticated users. Attackers can remotely exploit this by sending crafted requests containing malicious scripts, which are then stored and executed later. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by sending crafted POST requests to the endpoint `/x_query_assemble_designer/jaxrs/table` with JSON payloads containing script tags or typical XSS payloads in fields like `description`, `applicationName`, and `queryName`. Monitoring HTTP traffic for such suspicious POST requests or responses containing unsanitized script tags can help identify exploitation attempts. For example, using curl to test the endpoint with a payload like `{ "description": "<img src=1 onerror=alert(1)>", "applicationName": "test", "queryName": "test" }` can reveal if the application is vulnerable. Additionally, web application scanners that detect stored XSS vulnerabilities can be used. Network IDS/IPS rules can be configured to detect POST requests with suspicious script payloads targeting this endpoint. [2]

Mitigation Strategies

Immediate mitigation steps include filtering and escaping all user inputs in the affected profile fields (`description`, `applicationName`, `queryName`) before storage to prevent malicious scripts from being saved. Proper output encoding should be applied when rendering these fields in the application interface to neutralize any injected scripts. Until a vendor patch is released, consider restricting access to the vulnerable endpoint, applying web application firewall (WAF) rules to block suspicious payloads, and monitoring for exploitation attempts. Ultimately, update to the fixed version once it is available as stated by the vendor. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9735. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart