CVE-2025-9736
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-31

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_query_assemble_designer/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-31
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-31
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9736
EUVD
EUVD-2025-26300
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zoneland o2oa to 10.0-410 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9736 is a stored cross-site scripting (XSS) vulnerability in the O2OA application (up to version 10.0-410), specifically in the Personal Profile Page component at the endpoint /x_query_assemble_designer/jaxrs/statement. It occurs because user inputs in fields like description or queryName are not properly sanitized before being stored and later rendered. This allows attackers to inject malicious JavaScript code that executes in other users' browsers when they view the affected data, potentially compromising user sessions and data integrity. [1, 2, 3]

Impact Analysis

This vulnerability allows attackers to execute persistent malicious JavaScript code in the browsers of users who view the affected profile or data. The impact includes theft of session tokens or sensitive information, unauthorized actions performed on behalf of authenticated users, and compromise of data integrity. The attack can be launched remotely and requires some user interaction to trigger the script execution. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by monitoring and analyzing HTTP POST requests to the endpoint `/x_query_assemble_designer/jaxrs/statement` for suspicious payloads containing script tags or event handlers such as `<img src=1 onerror=alert(1)>`. You can use tools like curl or wget to send crafted requests to test the endpoint. Additionally, inspecting logs for unusual input in the `description`, `applicationName`, or `queryName` fields may help detect exploitation attempts. Example command to test the endpoint with a malicious payload using curl: curl -X POST https://<target>/x_query_assemble_designer/jaxrs/statement -H "Content-Type: application/json" -d '{"description":"<img src=1 onerror=alert(1)>","queryName":"test"}' [2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable endpoint, applying input filtering and output encoding to sanitize user inputs, and monitoring for exploitation attempts. Since no official patch is currently available, consider replacing or disabling the affected component until the vendor releases a fixed version. Additionally, educate users to be cautious of unexpected profile data and consider implementing web application firewalls (WAF) rules to block malicious payloads targeting this vulnerability. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9736. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart