
CVE-2025-9931: Cross Site Scripting in Jinher OA

Medium
Published: Wed Sep 03 2025 (09/03/2025, 22:02:07 UTC)
Source: CVE Database V5
Vendor/Project: Jinher
Product: OA

Description

A vulnerability was detected in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument Account results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used.

AI-Powered Analysis

AI analysis last updated: 09/03/2025, 22:32:58 UTC

Technical Analysis

CVE-2025-9931 is a medium-severity cross-site scripting (XSS) vulnerability in Jinher OA version 1.0, specifically in the POST request handler of the /jc6/platform/sys/login!changePassWord.action endpoint. The flaw stems from improper sanitization or validation of the 'Account' parameter, which an attacker can manipulate to inject script content. A remote, unauthenticated attacker can craft a POST request that, when processed by the vulnerable endpoint, causes arbitrary JavaScript to execute in the context of the victim's browser session. No privileges or authentication are required, but user interaction is necessary for the injected script to run, typically when a user accesses a compromised or maliciously crafted page. The CVSS 4.0 base score is 5.3 (medium), with an attack vector of network, low attack complexity, no privileges required, and user interaction required. The impact primarily affects the confidentiality and integrity of user data within the affected Jinher OA application, potentially enabling session hijacking, credential theft, or unauthorized actions performed on behalf of the user. No official patches or mitigations had been published at the time of disclosure; no exploitation in the wild has been reported, but exploit code is publicly available, which increases the risk of exploitation.

Potential Impact

For European organizations using Jinher OA 1.0, this vulnerability poses a tangible risk to the security of internal office automation systems. Successful exploitation could lead to unauthorized access to sensitive corporate information, session hijacking, or the execution of malicious actions within the application context. This can disrupt business operations, lead to data breaches, and damage organizational reputation. Since Jinher OA is used for office automation, including potentially managing internal communications, workflows, and document handling, exploitation could expose confidential business data or facilitate further lateral movement within the corporate network. The requirement for user interaction means phishing or social engineering could be leveraged to trigger the attack, increasing the risk to employees. The medium severity suggests that while the vulnerability is not critical, it still warrants prompt attention to prevent exploitation, especially given the public availability of exploit code.

Mitigation Recommendations

1. Immediate mitigation should include implementing strict input validation and output encoding on the 'Account' parameter within the /jc6/platform/sys/login!changePassWord.action endpoint to neutralize malicious script content.
2. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser context.
3. Conduct user awareness training to recognize and avoid phishing attempts that could deliver malicious payloads exploiting this vulnerability.
4. Monitor web server and application logs for suspicious POST requests targeting the vulnerable endpoint to detect potential exploitation attempts.
5. If possible, restrict access to the affected endpoint via network controls or web application firewalls (WAF) with custom rules to block malicious payloads targeting the 'Account' parameter.
6. Engage with Jinher or the software vendor for official patches or updates and plan for prompt deployment once available.
7. Consider upgrading to a newer, unaffected version of Jinher OA if available.
8. Regularly review and update security policies around web application security and incident response to quickly address any exploitation attempts.
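As an added illustration of recommendations 1 and 4 (not code from the advisory or from Jinher), the following Python script scans access-log lines for POST requests to the affected endpoint whose decoded 'Account' value contains HTML-significant characters, and shows the HTML-escaped form such a value should take before being reflected into a page. The log lines are constructed sample data, and it is assumed that the reverse proxy or WAF logs the form body in a `body="..."` field.

```python
import html
import re
from urllib.parse import parse_qs

# Endpoint named in the advisory for CVE-2025-9931.
TARGET_PATH = "/jc6/platform/sys/login!changePassWord.action"

# Characters that have no business in an account identifier but are
# needed to break out of an HTML context, plus the javascript: scheme.
SUSPICIOUS = re.compile(r"""[<>"']|javascript:""", re.IGNORECASE)

# Combined-log-style line with an extra body="..." field (assumed log format).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ body="(?P<body>[^"]*)"$'
)

# Constructed sample log lines: one benign password change, one request whose
# Account value carries a URL-encoded HTML tag, and one unrelated GET.
SAMPLE_LOGS = """\
10.0.0.5 - - [03/Sep/2025:22:05:11 +0000] "POST /jc6/platform/sys/login!changePassWord.action HTTP/1.1" 200 512 body="Account=jdoe&OldPwd=x&NewPwd=y"
10.0.0.9 - - [03/Sep/2025:22:06:42 +0000] "POST /jc6/platform/sys/login!changePassWord.action HTTP/1.1" 200 512 body="Account=%3Cscript%3Etest%3C%2Fscript%3E&OldPwd=x&NewPwd=y"
10.0.0.9 - - [03/Sep/2025:22:07:01 +0000] "GET /jc6/platform/index.action HTTP/1.1" 200 1024 body=""
"""


def parse_account(body):
    """Return the URL-decoded Account value from a form body, or None."""
    values = parse_qs(body, keep_blank_values=True).get("Account")
    return values[0] if values else None


def flag_requests(log_text):
    """Return one record per POST to the vulnerable endpoint with a suspicious Account."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != TARGET_PATH:
            continue
        account = parse_account(m["body"])
        if account is not None and SUSPICIOUS.search(account):
            hits.append({"ip": m["ip"], "ts": m["ts"], "account": account})
    return hits


def neutralize(value):
    """Output-encode a value before reflecting it into HTML (recommendation 1)."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOGS):
        print(f"{hit['ts']} {hit['ip']} suspicious Account={hit['account']!r} "
              f"-> safe to reflect as {neutralize(hit['account'])}")
```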


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-03T11:28:33.788Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68b8be8cad5a09ad00fb1d28

Added to database: 9/3/2025, 10:17:48 PM

Last enriched: 9/3/2025, 10:32:58 PM

Last updated: 9/4/2025, 12:34:40 AM

