CNNVD-202509-4058 Information

CNNVD ID

CNNVD-202509-4058

Related CVE

CVE-2025-11035

• CNNVD Published: 2025-09-26

Description (Chinese)

Jinher OA是中国金和（Jinher）公司的一款协同管理软件。 Jinher OA 2.0版本存在代码问题漏洞，该漏洞源于文件/c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1存在XML外部实体引用，可能导致远程攻击。

Description (English)

Jinher OA is a co-management software from Jinher China. There is a code gap in the Jinher OA 2.0 version, which stems from the presence of an XML external entity quoted in document/c6/Jhsoft.Web.module/Toolbar/ManageWord.aspx/?text=GetUrl&style=1, which may lead to a remote attack.

Hazard Level

High

Vulnerability Type

代码问题

Published

2025-09-26

Last Modified

2026-02-24

References

https://github.com/frwfxc123/CVE/issues/1 https://vuldb.com/?ctiid.325982 https://vuldb.com/?id.325982 https://vuldb.com/?submit.658253 https://access.redhat.com/security/cve/cve-2025-11035