Jinher OA XML Type xml external entity reference_CVE-2025-10092

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. The attack can be executed remotely. The exploit has been made public and could be used.

Basic Information

ID CVE-2025-10092

Source VulDB

Published Sep 8, 2025 at 11:32

Affected Product

Vendor Jinher

Product OA

Version 1.0

Affected Versions Jinher OA 1.0
Jinher OA 1.1
Jinher OA 1.2

CWE Classification

CWE-611 CWE-610

References

{
    "lastseen": "",
    "description": "A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. The attack can be executed remotely. The exploit has been made public and could be used.",
    "published": "2025-09-08T11:32:06.165Z",
    "modified": "2025-09-08T11:32:06.165Z",
    "type": "cve",
    "title": "Jinher OA XML Type xml external entity reference",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.323047\nhttps://vuldb.com/?ctiid.323047\nhttps://vuldb.com/?submit.644868\nhttps://github.com/Cstarplus/CVE/issues/3",
    "id": "CVE-2025-10092",
    "bulletinFamily": "",
    "cwe": [
        "CWE-611",
        "CWE-610"
    ],
    "cvelist": null,
    "sourceData": "Jinher OA 1.0\nJinher OA 1.1\nJinher OA 1.2",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OA",
    "version": "1.0",
    "vendor": "Jinher",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}