Ffff1123

**Name of the Vulnerable Software and Affected Versions** Jinher OA version 2.0 **Description** A flaw exists in Jinher OA 2.0 that allows for xml external entity reference. This issue is related to an unknown function within the file `/c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1`. The attack can be initiated remotely and has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.