Soumettre #664613: Jinher OA v2.0 XML External Entity Referenceinformation

TitreJinher OA v2.0 XML External Entity Reference
DescriptionDuring security testing of Jinhe OA system, a critical XXE injection vulnerability was discovered in the ProjectScheduleDelete.aspx endpoint. This vulnerability allows unauthenticated attackers to send specially crafted XML documents containing external entity references. The server processes these entities, enabling data exfiltration through out-of-band techniques.
La source⚠️ https://github.com/rookie1006/CVE/issues/2
Utilisateur
 rookie1129 (UID 91072)
Soumission28/09/2025 14:55 (il y a 8 mois)
Modérer06/10/2025 07:37 (8 days later)
StatutAccepté
Entrée VulDB327226 [Jinher OA jusqu’à 2.0 ?type=SystemUserInfo&style=1 XML External Entity]
Points18

PrécédentAperçuSuivant

Do you want to use VulDB in your project?

Use the official API to access entries easily!