Platform
other
Component
paymentsafe
Fixed in
2.5.27
A cross-site scripting (XSS) vulnerability has been identified in Eastnets PaymentSafe version 2.5.26.0. The flaw sits in an unspecified part of the BIC Search component and allows a remote attacker to inject script that runs in the browser of a user viewing the affected page, putting that user's session and the integrity of the data they see and submit at risk. Updating to version 2.5.27.0 resolves the issue.
Successful exploitation of CVE-2025-1337 lets an attacker execute arbitrary JavaScript in the context of a victim's PaymentSafe browser session. Script running in that origin can read whatever the page can read and act with the victim's privileges: harvesting sensitive information such as financial data shown in the interface, submitting requests in the victim's name, redirecting the user to an attacker-controlled site, or defacing the PaymentSafe interface. Login credentials and session tokens are exposed only to the extent that page script can reach them (for example, session cookies without the HttpOnly flag, or tokens kept in browser storage). The impact is amplified if PaymentSafe is integrated with other systems reachable from the same session, since the attacker could use the victim's session to reach those systems as well.
CVE-2025-1337 was publicly disclosed on 2025-02-16. No public proof-of-concept (PoC) code had been released at the time of writing, and the vulnerability is not listed in the CISA KEV catalog. The CVSS base score of 3.5 (LOW) rates the severity of a successful attack, not its likelihood; the EPSS estimate of 0.04% (12th percentile) is the indicator for exploitation probability, and it is also low. The fix is a straightforward version update and should still be scheduled promptly, because the affected component is exposed to the users whose sessions carry the most value.
Organizations running Eastnets PaymentSafe version 2.5.26.0 are at risk, particularly those handling sensitive financial data or integrating PaymentSafe with other critical systems. Because an XSS payload runs with the privileges of the origin it is served from, any other web application hosted on the same origin (same scheme, host and port) as PaymentSafe shares that exposure; applications on a different origin of a shared host are not reachable through this flaw.
disclosure
Exploit status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-1337 is to upgrade Eastnets PaymentSafe to version 2.5.27.0 or later. If an immediate upgrade is not feasible, a web application firewall (WAF) with XSS rules in front of the BIC Search endpoint can block common payloads, but WAF signatures can be bypassed and are a stopgap, not a fix. Measures that limit what any XSS in the application can do are worth applying regardless: set the HttpOnly and Secure flags on session cookies, and deploy a Content-Security-Policy that disallows inline script. Strict input validation and contextual output encoding in the BIC Search component address the root cause, but in a vendor product those changes can only be made by the vendor, which is what the 2.5.27.0 update does. Regularly review the PaymentSafe configuration for settings that would widen the impact of a script injection, such as other applications served from the same origin.
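To make the two code-level defences concrete, the following is an added example written for this page; it is not Eastnets code and says nothing about how PaymentSafe's BIC Search is actually implemented. It renders a hypothetical search-results fragment two ways: one that concatenates the query and the results straight into HTML (the pattern behind reflected and stored XSS), and one that validates the search term against an allowlist and entity-encodes every untrusted value before it reaches the page. The function names, the result layout, the sample records and the payload string are all assumptions. The BIC check follows ISO 9362 (8 or 11 characters: bank code, country code, location code, optional branch code); the search-term allowlist is deliberately a little wider so that a bank-name search still works.

```javascript
// Added example for this page, not PaymentSafe code. Function names, the HTML
// layout, the sample records and the payload are hypothetical.

// Vulnerable pattern: the search term and the back-end results are concatenated
// straight into HTML. A query such as <img src=x onerror=alert(1)> is parsed as
// markup by the browser, and the onerror handler runs in the user's session.
function renderBicSearchUnsafe(query, results) {
  let html = `<p>Results for ${query}</p><ul>`;
  for (const r of results) {
    html += `<li>${r.bic} - ${r.name}</li>`;
  }
  return html + "</ul>";
}

// Defence 1: contextual output encoding. In an HTML text or quoted-attribute
// context these five characters are the ones that can start markup or close a
// quote, so every untrusted value is entity-encoded before insertion.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Defence 2: input validation. A BIC (ISO 9362) is 8 or 11 characters:
// 4-letter bank code, 2-letter country code, 2 alphanumeric location code and
// an optional 3-character branch code. Useful when the field must hold a BIC.
const BIC_RE = /^[A-Z]{6}[A-Z0-9]{2}([A-Z0-9]{3})?$/;
function isValidBic(value) {
  return typeof value === "string" && BIC_RE.test(value);
}

// A search box usually accepts partial input (a BIC prefix or a bank name),
// so the term is checked against an allowlist of characters and a length cap
// rather than the full BIC grammar. "<", ">", quotes and "&" are not in the
// list, so an injection attempt is rejected before anything is rendered.
const SEARCH_TERM_RE = /^[A-Za-z0-9 .\-]{1,35}$/;
function isSafeSearchTerm(value) {
  return typeof value === "string" && SEARCH_TERM_RE.test(value);
}

// Hardened rendering: reject out-of-policy input, and encode everything that
// is rendered, including the results, because a bank name stored in the
// back-end is untrusted data too (a stored-XSS vector if left unencoded).
function renderBicSearchSafe(query, results) {
  if (!isSafeSearchTerm(query)) {
    return "<p>Invalid search term.</p>";
  }
  let html = `<p>Results for ${escapeHtml(query)}</p><ul>`;
  for (const r of results) {
    html += `<li>${escapeHtml(r.bic)} - ${escapeHtml(r.name)}</li>`;
  }
  return html + "</ul>";
}

// Constructed sample data: two records (one with hostile markup in a stored
// field), a benign lookup, and a reflected-XSS attempt.
const SAMPLE_RESULTS = [
  { bic: "DEUTDEFF", name: "Example Bank AG" },
  { bic: "DEUTDEFF500", name: "Example Bank <b>Branch</b>" },
];
const BENIGN_QUERY = "DEUTDEFF";
const XSS_QUERY = '<img src=x onerror="alert(document.cookie)">';

// Runs both renderers so the difference is visible side by side.
function demo() {
  return {
    unsafe: renderBicSearchUnsafe(XSS_QUERY, SAMPLE_RESULTS),
    safe: renderBicSearchSafe(XSS_QUERY, SAMPLE_RESULTS),
    benign: renderBicSearchSafe(BENIGN_QUERY, SAMPLE_RESULTS),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

Run it with `node` to see the three fragments. Two points the example is meant to make: validation alone is not enough, because the stored bank name never passes through the search-term check, so encoding at the output is the defence that actually closes the hole; and `escapeHtml` is only correct for HTML text and quoted-attribute contexts. A value placed inside a script block, an event-handler attribute or a URL needs the encoder for that context, which is the usual reason an XSS survives a first round of "we added escaping".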
Update Eastnets PaymentSafe to version 2.5.27.0 or later. This update fixes the cross-site scripting (XSS) vulnerability in the BIC search function and removes the risk of malicious scripts executing in users' browsers.
CVE-2025-1337 is a cross-site scripting (XSS) vulnerability affecting Eastnets PaymentSafe version 2.5.26.0, allowing remote attackers to inject malicious scripts.
If you are running Eastnets PaymentSafe version 2.5.26.0, you are potentially affected by this vulnerability. Upgrading to 2.5.27.0 or later is recommended.
The recommended fix is to upgrade to version 2.5.27.0 or later. WAF rules for XSS, HttpOnly session cookies and a Content-Security-Policy that blocks inline script reduce exposure in the interim but do not remove the flaw.
There is no confirmed active exploitation of CVE-2025-1337 at this time, but the potential for exploitation exists.
Please refer to the Eastnets security advisory for detailed information and updates regarding CVE-2025-1337.