CVE-2025-9735
BaseFortify

Publication date: 2025-08-31

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in O2OA up to version 10.0-410. It affects an unknown function of the file /x_query_assemble_designer/jaxrs/table in the Personal Profile Page component. Manipulation of the argument description/applicationName/queryName leads to cross-site scripting. The attack may be initiated remotely. An exploit has been made available to the public and could be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
Meta Information
Published: 2025-08-31
Last Modified: 2026-04-29
Generated: 2026-05-06
AI Q&A: 2025-08-31
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: zoneland
Product: o2oa
Version / Range: up to 10.0-410 (inclusive)
CWE ID and Description
CWE-94: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-9735 is a stored cross-site scripting (XSS) vulnerability in the O2OA application (up to version 10.0-410) affecting the Personal Profile Page component. It occurs because user input in fields such as description, applicationName, and queryName is not properly sanitized before being stored and later rendered. This allows attackers to inject malicious JavaScript that executes in other users' browsers when they view the affected data, potentially compromising user sessions and data integrity. [1, 2, 3]

How can this vulnerability impact me?

This vulnerability can lead to persistent execution of malicious JavaScript in the browsers of users who view the affected profile data. The impact includes theft of session tokens, exposure of sensitive user data, and unauthorized actions performed on behalf of authenticated users. Attackers can remotely exploit this by sending crafted requests containing malicious scripts, which are then stored and executed later. [1, 2, 3]

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sending crafted POST requests to the endpoint `/x_query_assemble_designer/jaxrs/table` with JSON payloads containing script tags or typical XSS payloads in fields like `description`, `applicationName`, and `queryName`. Monitoring HTTP traffic for such suspicious POST requests or responses containing unsanitized script tags can help identify exploitation attempts. For example, using curl to test the endpoint with a payload like `{ "description": "<img src=1 onerror=alert(1)>", "applicationName": "test", "queryName": "test" }` can reveal if the application is vulnerable. Additionally, web application scanners that detect stored XSS vulnerabilities can be used. Network IDS/IPS rules can be configured to detect POST requests with suspicious script payloads targeting this endpoint. [2]

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include filtering and escaping all user inputs in the affected profile fields (`description`, `applicationName`, `queryName`) before storage to prevent malicious scripts from being saved. Proper output encoding should be applied when rendering these fields in the application interface to neutralize any injected scripts. Until a vendor patch is released, consider restricting access to the vulnerable endpoint, applying web application firewall (WAF) rules to block suspicious payloads, and monitoring for exploitation attempts. Ultimately, update to the fixed version once it is available as stated by the vendor. [2]
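As an added example (not BaseFortify's text or the O2OA project's code), the output-encoding step described above applied to a table record from the affected endpoint, plus a simple check a log reviewer could run over captured request bodies for that path. The field names and endpoint come from the advisory; the record shape and the log entry are constructed.

```javascript
// Fields named in CVE-2025-9735 that are rendered on the Personal Profile Page.
const AFFECTED_FIELDS = ["description", "applicationName", "queryName"];
const AFFECTED_PATH = "/x_query_assemble_designer/jaxrs/table";

// HTML-encode the characters that let text become markup or attribute syntax.
function encodeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;",
    '"': "&quot;", "'": "&#39;", "`": "&#96;",
  })[c]);
}

// Output encoding: return a copy of a table record with the three user-controlled
// fields encoded, so they render as text rather than as markup in a profile page.
function encodeProfileFields(record) {
  const safe = { ...record };
  for (const field of AFFECTED_FIELDS) {
    if (typeof safe[field] === "string") safe[field] = encodeHtml(safe[field]);
  }
  return safe;
}

// Detection: inspect one logged request (constructed shape: method, path, body)
// and report which affected fields carry markup-like content.
const MARKUP_PATTERN = /<\s*\/?\s*[a-z]|on[a-z]+\s*=|javascript\s*:/i;
function flagSuspiciousTableRequest(entry) {
  if (entry.method !== "POST" || !entry.path.startsWith(AFFECTED_PATH)) return [];
  let body;
  try { body = JSON.parse(entry.body); } catch { return []; }
  return AFFECTED_FIELDS.filter(
    (f) => typeof body[f] === "string" && MARKUP_PATTERN.test(body[f])
  );
}

// Constructed sample log entry using the payload quoted in the advisory.
const sampleEntry = {
  method: "POST",
  path: AFFECTED_PATH,
  body: JSON.stringify({
    description: "<img src=1 onerror=alert(1)>",
    applicationName: "test",
    queryName: "test",
  }),
};
console.log(flagSuspiciousTableRequest(sampleEntry)); // ["description"]
console.log(encodeProfileFields(JSON.parse(sampleEntry.body)).description);
```

Encoding at render time is the durable fix; the log check only surfaces attempts against this path and should be paired with the WAF and access restrictions mentioned above.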