| Título | Jinher OA V1.2 XML External Entity Reference |
|---|
| Descrição | During security testing of Jinher OA system, a critical XXE injection vulnerability was discovered in the ProjectScheduleDelete.aspx endpoint. This vulnerability allows unauthenticated attackers to send specially crafted XML documents containing external entity references. The server processes these entities, enabling data exfiltration through out-of-band techniques.
|
|---|
| Fonte | ⚠️ https://github.com/Cstarplus/CVE/issues/3 |
|---|
| Utilizador | abc_123456 (UID 89341) |
|---|
| Submissão | 31/08/2025 09h59 (há 9 meses) |
|---|
| Moderação | 08/09/2025 06h58 (8 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 323047 [Jinher OA até 1.2 XML ?Type=add XML External Entity] |
|---|
| Pontos | 18 |
|---|