CNNVD-202509-1099 Information

CNNVD ID

CNNVD-202509-1099

Related CVE

CVE-2025-10091

• CNNVD Published: 2025-09-08

Description (Chinese)

Jinher OA是中国金和（Jinher）公司的一款协同管理软件。 Jinher OA 1.2及之前版本存在代码问题漏洞，该漏洞源于/c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx文件存在XML外部实体引用漏洞。

Description (English)

Jinher OA is a co-management software from Jinher China. Jinher OA 1.2 and previous versions had a code problem loophole, which originated in the XML external entity citation gap in the /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx file.

Hazard Level

Medium

Vulnerability Type

代码问题

Published

2025-09-08

Last Modified

2026-02-24

References

https://vuldb.com/?submit.644864 https://github.com/Cstarplus/CVE/issues/2 https://vuldb.com/?ctiid.323046 https://vuldb.com/?id.323046 https://access.redhat.com/security/cve/cve-2025-10091