| Название | Jinher OA V2.0 XML External Entity Reference |
|---|
| Описание | During security testing of Jinhe OA system, a critical XXE injection vulnerability was discovered in the GetWordFileName.aspx endpoint. This vulnerability allows unauthenticated attackers to send specially crafted XML documents containing external entity references. The server processes these entities, enabling data exfiltration through out-of-band techniques. |
|---|
| Источник | ⚠️ https://github.com/1296299554/CVE/issues/1 |
|---|
| Пользователь | lanyuejian (UID 90154) |
|---|
| Представление | 15.09.2025 13:51 (9 месяцы назад) |
|---|
| Модерация | 21.09.2025 12:49 (6 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 325174 [Jinher OA 2.0 XML ?text=GetUrl&style=add XML External Entity] |
|---|
| Баллы | 18 |
|---|