CVE-2025-1807: Eastnets PaymentSafe Edit Manual Reply directRouter.rfc cross site scripting
First published: Sun Mar 02 2025(Updated: )
A vulnerability, which was classified as problematic, was found in Eastnets PaymentSafe 2.5.26.0. This affects an unknown part of the file /directRouter.rfc of the component Edit Manual Reply Handler. The manipulation of the argument Title leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eastnets PaymentSafe |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1807?
CVE-2025-1807 is classified as a problematic vulnerability affecting Eastnets PaymentSafe.
How do I fix CVE-2025-1807?
To fix CVE-2025-1807, ensure that you sanitize and validate inputs for the Title argument in the Edit Manual Reply Handler.
What components are affected by CVE-2025-1807?
CVE-2025-1807 affects the Edit Manual Reply Handler component within the Eastnets PaymentSafe application.
What type of vulnerability is CVE-2025-1807?
CVE-2025-1807 is identified as a cross site scripting (XSS) vulnerability.
Who is the vendor for the affected software in CVE-2025-1807?
The vendor for the affected software in CVE-2025-1807 is Eastnets.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/source
- agent/severity
- agent/author
- agent/last-modified-date
- agent/tags
- agent/event
- vendor/eastnets
- canonical/eastnets paymentsafe