Filtered by vendor Jinher Subscriptions
Filtered by product Jinher Oa Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-10090 1 Jinher 1 Jinher Oa 2025-09-08 7.3 High
A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
CVE-2025-9931 1 Jinher 1 Jinher Oa 2025-09-04 4.3 Medium
A vulnerability was detected in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument Account results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used.
CVE-2025-7824 1 Jinher 1 Jinher Oa 2025-08-26 7.3 High
A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects some unknown processing of the file XmlHttp.aspx. The manipulation leads to xml external entity reference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7823 1 Jinher 1 Jinher Oa 2025-08-26 7.3 High
A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7523 1 Jinher 1 Jinher Oa 2025-08-26 7.3 High
A vulnerability was found in Jinher OA 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.