Cc2024K

**Name of the Vulnerable Software and Affected Versions** Jinher OA version 1.2 **Description** A vulnerability exists in Jinher OA 1.2 related to xml external entity reference within the `ProjectScheduleDelete.aspx` file. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jinher OA version 1.1 **Description** A vulnerability exists in the processing of the `XmlHttp.aspx` file, leading to XML external entity reference (XXE). This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BossSoft CRM version 6.0 **Description** A critical issue exists in BossSoft CRM 6.0 related to SQL injection. The vulnerability is located in an unknown functionality within the file `/crm/module/HNDCBas customPrmSearchDtl.jsp`. Manipulation of the `cstid` argument can lead to exploitation, allowing for remote attacks. The exploit has been publicly disclosed. **Recommendations** Address the SQL injection issue in the `/crm/module/HNDCBas customPrmSearchDtl.jsp` file by sanitizing or validating the `cstid` argument.