Jinher OA DelTemp.aspx xml external entity reference

July 13, 2025 invoker category_cve

CVE Details

Basic Information

Title Jinher OA DelTemp.aspx xml external entity reference
Type cve
Published 2025-07-13T07:02:05.374Z
Modified 2025-07-13T07:02:05.374Z

Product Information

Vendor Jinher
Product OA
Version 1.0

CVSS Information

Base Score 6.9 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

AI Analysis

AI Description A vulnerability in Jinher OA 1.0 allows remote attackers to exploit an XML external entity reference in the DelTemp.aspx file, potentially leading to data exposure or unauthorized access. This issue has a publicly disclosed exploit.
AI Severity Medium
AI Vendor Jinher
AI Product Jinher OA
AI Version 1.0

Affected Products

  • Jinher OA 1.0

Additional Information

CWE List CWE-611, CWE-610
Source VulDB

Description

A vulnerability was found in Jinher OA 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.