Cross-Site Scripting Vulnerability in ESAFENET CDG V5
CVE-2025-0787

5.3MEDIUM

Key Information:

Vendor: Esafenet
Status: Cdg
Vendor: CVE Published:; 28 January 2025

Badges

👾 Exploit Exists

What is CVE-2025-0787?

A cross-site scripting vulnerability exists in ESAFENET CDG V5, particularly affecting the functionality of the /appDetail.jsp file. This vulnerability allows an attacker to manipulate the 'curpage' argument, which can lead to unauthorized script execution in a user's browser. Exploitation can occur remotely, and the potential for abuse is significant. Despite early notification to the vendor, there has been no response regarding a fix or mitigation measures.

Affected Version(s)

CDG V5

References

https://vuldb.com/?id.293911

vdb-entrytechnical-description

https://vuldb.com/?ctiid.293911

signaturepermissions-required

https://vuldb.com/?submit.483340

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jan 28, 2025
Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Jan 28, 2025

Credit

raindrop (VulDB User)

Esafenet

Badges

What is CVE-2025-0787?

Affected Version(s)

References

CVSS V4

Timeline

Credit