Enviar #616841: Jinhe OA V1.2 XML External Entity Referenceinformación

TítuloJinhe OA V1.2 XML External Entity Reference
DescripciónDuring security testing of Jinhe OA system, a critical XXE injection vulnerability was discovered in the ProjectScheduleDelete.aspx endpoint. This vulnerability allows unauthenticated attackers to send specially crafted XML documents containing external entity references. The server processes these entities, enabling data exfiltration through out-of-band techniques.
Fuente⚠️ https://github.com/cc2024k/CVE/issues/3
Usuario
 cc2024k (UID 87907)
Sumisión2025-07-16 07:26 (hace 10 meses)
Moderación2025-07-18 19:43 (3 days later)
EstadoAceptado
Entrada de VulDB316924 [Jinher OA 1.2 ProjectScheduleDelete.aspx XML External Entity]
Puntos18

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!