CNNVD-202509-654 Information

CNNVD ID

CNNVD-202509-654

Related CVE

CVE-2025-9931

• CNNVD Published: 2025-09-04

Description (Chinese)

Jinher OA是中国金和（Jinher）公司的一款协同管理软件。 Jinher OA 1.0版本存在代码注入漏洞，该漏洞源于文件/jc6/platform/sys/login!changePassWord.action中参数Account操作不当，可能导致跨站脚本攻击。

Description (English)

Jinher OA is a co-management software from Jinher China. There is a code-injection loophole in version Jinher OA 1.0, which originates from the parameter Account in file/jc6/platform/sys/login!changePassWord.action, which may lead to a cross-site script attack.

Hazard Level

High

Vulnerability Type

代码注入

Published

2025-09-04

Last Modified

2026-02-24

References

https://github.com/1276486/CVE/issues/4 https://vuldb.com/?ctiid.322333 https://vuldb.com/?id.322333 https://vuldb.com/?submit.642997