CNNVD-202509-3223 Information

CNNVD ID

CNNVD-202509-3223

Related CVE

CVE-2025-10816

• CNNVD Published: 2025-09-22

Description (Chinese)

Jinher OA是中国金和（Jinher）公司的一款协同管理软件。 Jinher OA 2.0版本存在代码问题漏洞，该漏洞源于对文件/c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx中XML处理组件的错误操作，可能导致XML外部实体引用攻击。

Description (English)

Jinher OA is a co-management software from Jinher China. There is a code gap in the Jinher OA 2.0 version, which stems from an error in the XML processing component in file/c6/Jhsoft.Web.module/Toolbar/GetWordFileName.aspx, which may lead to an attack on an outside XML entity.

Hazard Level

Medium

Vulnerability Type

代码问题

Published

2025-09-22

Last Modified

2026-02-24

References

https://vuldb.com/?submit.654466 https://github.com/1296299554/CVE/issues/1 https://vuldb.com/?ctiid.325174 https://vuldb.com/?id.325174 https://access.redhat.com/security/cve/cve-2025-10816