CNNVD-202507-1770 Information

CNNVD ID

CNNVD-202507-1770

Related CVE

CVE-2025-7523

• CNNVD Published: 2025-07-13

Description (Chinese)

Jinher OA是中国金和（Jinher）公司的一款协同管理软件。 Jinher OA 1.0版本存在代码问题漏洞，该漏洞源于文件/c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx的错误操作导致XML外部实体引用。

Description (English)

Jinher OA is a co-management software from Jinher China. There is a code problem gap in the version of Jinher OA 1.0, which stems from the error of document/c6/Jhsoft.Web.message/Toolbar/DelTemp.aspx, which led to the reference of the XML external entity.

Hazard Level

Medium

Vulnerability Type

代码问题

Published

2025-07-13

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.316220 https://github.com/BigMancer/Jinhe-OA-XXE-Vulnerability https://vuldb.com/?submit.611183 https://vuldb.com/?id.316220 https://github.com/BigMancer/Jinhe-OA-XXE-Vulnerability?tab=readme-ov-file#proof-of-concept https://access.redhat.com/security/cve/cve-2025-7523 https://nvd.nist.gov/vuln/detail/CVE-2025-7523