Jinher OA XML Type xml external entity reference_CVE-2025-10091

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads to xml external entity reference. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-10091

Source VulDB

Published Sep 8, 2025 at 11:02

Affected Product

Vendor Jinher

Product OA

Version 1.0

Affected Versions Jinher OA 1.0
Jinher OA 1.1
Jinher OA 1.2

CWE Classification

CWE-611 CWE-610

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads to xml external entity reference. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.",
    "published": "2025-09-08T11:02:06.958Z",
    "modified": "2025-09-08T11:02:06.958Z",
    "type": "cve",
    "title": "Jinher OA XML Type xml external entity reference",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.323046\nhttps://vuldb.com/?ctiid.323046\nhttps://vuldb.com/?submit.644864\nhttps://github.com/Cstarplus/CVE/issues/2",
    "id": "CVE-2025-10091",
    "bulletinFamily": "",
    "cwe": [
        "CWE-611",
        "CWE-610"
    ],
    "cvelist": null,
    "sourceData": "Jinher OA 1.0\nJinher OA 1.1\nJinher OA 1.2",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OA",
    "version": "1.0",
    "vendor": "Jinher",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}