| عنوان | Jinhe OA V1.1 XML External Entity Reference |
|---|
| الوصف | During security testing of Jinhe OA system, a critical XXE injection vulnerability was discovered in the XmlHttp.aspx endpoint. This vulnerability allows unauthenticated attackers to send specially crafted XML documents containing external entity references. The server processes these entities, enabling data exfiltration through out-of-band techniques. |
|---|
| المصدر | ⚠️ https://github.com/cc2024k/CVE/issues/2 |
|---|
| المستخدم | cc2024k (UID 87907) |
|---|
| ارسال | 16/07/2025 07:27 AM (9 أشهر منذ) |
|---|
| الاعتدال | 18/07/2025 07:43 PM (3 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 316925 [Jinher OA 1.1 XmlHttp.aspx XML External Entity] |
|---|
| النقاط | 18 |
|---|