CVE-2025-10091

Name of the Vulnerable Software and Affected Versions: Jinher OA versions up to 1.2

Description: A vulnerability exists in Jinher OA that allows for xml external entity reference. The issue affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add within the XML Handler component. Remote exploitation is possible, and the exploit has been publicly disclosed.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.