CVE-2025-10092

Name of the Vulnerable Software and Affected Versions: Jinher OA versions up to 1.2

Description: A vulnerability exists in Jinher OA that allows for XML external entity reference. The issue impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add within the XML Handler component. This can be exploited remotely. The exploit has been made public.

Recommendations: Versions prior to 1.3 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.