O2OA Stored Cross-Site Scripting Vulnerability in Personal Profile Page Component
Vulnerability
A stored cross-site scripting vulnerability has been identified in O2OA versions through 10.0-410. The issue resides in the Personal Profile Page component, specifically within the file '/x_query_assemble_designer/jaxrs/statement'. The vulnerability allows for the injection of malicious scripts into the 'description' or 'queryName' fields, which are then executed when the profile is viewed. This exploitation can be performed remotely.
Impact
Exploitation of this vulnerability allows for the execution of injected JavaScript in the context of the user's browser, potentially leading to the theft of session tokens or sensitive information, and the execution of unauthorized actions on behalf of the user.
Reproduction
To reproduce this vulnerability, send a POST request to the '/x_query_assemble_designer/jaxrs/statement' endpoint with a payload that includes a script in the 'description' or 'queryName' fields. Once the payload is stored, it will be executed when the profile is accessed.
Remediation
The vendor has stated that this issue will be fixed in a future version.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.