CVE-2025-1807

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-1807
A vulnerability, which was classified as problematic, was found in Eastnets PaymentSafe 2.5.26.0. This affects an unknown part of the file /directRouter.rfc of the component Edit Manual Reply Handler. The manipulation of the argument Title leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.27.0 is able to address this issue.

3.5 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://drive.google.com/file/d/1-4BwJxzKUdVRsi6PYh68mKzeIPAqug1Q/view
https://vuldb.com/?ctiid.298065
https://vuldb.com/?id.298065
https://vuldb.com/?submit.502668
Configurations

No configuration.

History

09 Apr 2025, 13:15

Type Values Removed Values Added
Summary (en) A vulnerability, which was classified as problematic, was found in Eastnets PaymentSafe 2.5.26.0. This affects an unknown part of the file /directRouter.rfc of the component Edit Manual Reply Handler. The manipulation of the argument Title leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.27.0 is able to address this issue. The vendor was contacted early about this disclosure but did not respond in any way. (en) A vulnerability, which was classified as problematic, was found in Eastnets PaymentSafe 2.5.26.0. This affects an unknown part of the file /directRouter.rfc of the component Edit Manual Reply Handler. The manipulation of the argument Title leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.27.0 is able to address this issue.

01 Apr 2025, 21:15

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad, que se ha clasificado como problemática, en Eastnets PaymentSafe 2.5.26.0. Afecta a una parte desconocida del archivo /directRouter.rfc del componente Edit Manual Reply Handler. La manipulación del argumento Title provoca un ataque básico de cross site scripting. Es posible iniciar el ataque de forma remota. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación sobre esta revelación, pero no respondió de ninguna manera.
Summary (en) A vulnerability, which was classified as problematic, was found in Eastnets PaymentSafe 2.5.26.0. This affects an unknown part of the file /directRouter.rfc of the component Edit Manual Reply Handler. The manipulation of the argument Title leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. (en) A vulnerability, which was classified as problematic, was found in Eastnets PaymentSafe 2.5.26.0. This affects an unknown part of the file /directRouter.rfc of the component Edit Manual Reply Handler. The manipulation of the argument Title leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.27.0 is able to address this issue. The vendor was contacted early about this disclosure but did not respond in any way.

02 Mar 2025, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-02 00:15

Updated : 2025-04-09 13:15

NVD link : CVE-2025-1807

Mitre link : CVE-2025-1807

CVE.ORG link : CVE-2025-1807

JSON object : View

Products Affected

No product.

CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)