{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-9931","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-09-03T11:28:33.788Z","datePublished":"2025-09-03T22:02:07.472Z","dateUpdated":"2025-09-04T19:59:48.284Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-09-03T22:02:07.472Z"},"title":"Jinher OA POST Request login!changePassWord.action cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"Code Injection"}]}],"affected":[{"vendor":"Jinher","product":"OA","versions":[{"version":"1.0","status":"affected"}],"modules":["POST Request Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability was detected in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument Account results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used."},{"lang":"de","value":"Es wurde eine Schwachstelle in Jinher OA 1.0 entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei /jc6/platform/sys/login!changePassWord.action der Komponente POST Request Handler. Die Manipulation des Arguments Account führt zu cross site scripting. Es ist möglich, den Angriff aus der Ferne durchzuführen. Der Exploit ist öffentlich verfügbar und könnte genutzt werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5,"vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-09-03T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-09-03T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-09-03T13:33:36.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Zre0x1c (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.322333","name":"VDB-322333 | Jinher OA POST Request login!changePassWord.action cross site scripting","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.322333","name":"VDB-322333 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.642997","name":"Submit #642997 | Jinhe Jinhe OA V1.0 Basic Cross Site Scripting","tags":["third-party-advisory"]},{"url":"https://github.com/1276486/CVE/issues/4","tags":["exploit","issue-tracking"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-04T19:59:40.301381Z","id":"CVE-2025-9931","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-04T19:59:48.284Z"}}]}}