CVE-2025-9931
BaseFortify
Publication date: 2025-09-04
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jinher | jinher_oa | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reflected Cross-Site Scripting (XSS) issue in Jinhe OA 1.0, specifically in the endpoint /jc6/platform/sys/login!changePassWord.action. It occurs because the 'account' parameter in POST requests is not properly sanitized, allowing attackers to inject malicious JavaScript code. This code is then reflected in the server's response and executed in the victim's browser when triggered, such as by a mouse hover. Exploitation does not require authentication. [1]
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can execute arbitrary JavaScript in the context of the victim's browser. This can lead to actions performed on behalf of authenticated users, theft of sensitive session data, or phishing attacks targeting users of the affected OA system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted POST requests to the endpoint /jc6/platform/sys/login!changePassWord.action with malicious payloads in the 'account' parameter and observing if the response reflects the injected script. For example, you can use curl to test injection: curl -X POST -d "account=\"><a/onpoiNtERenter=confirm()>" https://your-target/jc6/platform/sys/login!changePassWord.action and check if the response contains the injected script. Monitoring HTTP traffic for suspicious payloads targeting the 'account' parameter in POST requests to this endpoint can also help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Implement input sanitization on the server side to validate and reject 'account' parameter inputs containing HTML or JavaScript syntax, allowing only safe characters such as alphanumerics, '@', and '.'. 2) Apply output encoding to user-controlled data before rendering it in HTML, converting special characters to their HTML entity equivalents. 3) Deploy a strict Content Security Policy (CSP) header, for example: Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self'; to block unauthorized script execution. These steps help prevent injection and execution of malicious scripts. [1]