Submeter #654466: Jinher OA V2.0 XML External Entity Referenceinformação

TítuloJinher OA V2.0 XML External Entity Reference
DescriçãoDuring security testing of Jinhe OA system, a critical XXE injection vulnerability was discovered in the GetWordFileName.aspx endpoint. This vulnerability allows unauthenticated attackers to send specially crafted XML documents containing external entity references. The server processes these entities, enabling data exfiltration through out-of-band techniques.
Fonte⚠️ https://github.com/1296299554/CVE/issues/1
Utilizador
 lanyuejian (UID 90154)
Submissão15/09/2025 13h51 (há 9 meses)
Moderação21/09/2025 12h49 (6 days later)
EstadoAceite
Entrada VulDB325174 [Jinher OA 2.0 XML ?text=GetUrl&style=add XML External Entity]
Pontos18

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!