How CVE-2025-0795 Works
This vulnerability exists in the `/todolistjump.jsp` file of ESAFENET CDG V5 because the `flowId` request parameter is not sanitized. An attacker can place a JavaScript payload in this parameter; the server reflects it into the response without encoding, and the victim's browser executes it in the application's origin. The missing input validation and output encoding make the page vulnerable to reflected XSS. Since the flaw is remotely exploitable with low privileges (PR:L) and requires no user interaction (UI:N), it poses a moderate risk to affected systems.
DailyCVE Form
Platform: ESAFENET CDG
Version: V5
Vulnerability: XSS
Severity: Medium
Date: 05/13/2025
What Undercode Says:
Exploitation:
GET /todolistjump.jsp?flowId=<script>alert(document.cookie)</script> HTTP/1.1
Host: vulnerable-server.com
Detection:
# Send a harmless marker in flowId and check whether it comes back unencoded
curl -s "http://target/todolistjump.jsp?flowId=%3CxssProbe%3E" | grep -q "<xssProbe>" && echo "Vulnerable: flowId is reflected without encoding"
Mitigation:
1. Input Validation and Output Encoding:
import org.owasp.esapi.ESAPI;

// Encode the reflected value for the HTML context before writing it to the page
String safeFlowId = ESAPI.encoder().encodeForHTML(request.getParameter("flowId"));
2. Content Security Policy (CSP):
Content-Security-Policy: default-src 'self'; script-src 'self'
3. Patch Verification:
grep -r "flowId" /webapps/esafenet/ | grep -i "encode"
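The detection and patch-verification steps above both come down to two questions: is the `flowId` value reflected raw or HTML-encoded, and does the deployed CSP actually stop injected script? The following Python is an added example written for this post, not code from ESAFENET or from the original advisory. It runs offline against constructed sample responses and headers (labelled as such in the code) so the logic can be checked before pointing it at a real instance; the marker string, the sample HTML and the `csp_*` function names are all assumptions.

```python
"""Offline checks for a reflected-XSS finding in a request parameter.

classify_reflection()      - was the probe reflected raw (vulnerable),
                             HTML-encoded (mitigated), or not at all?
csp_weakens_xss_protection() - does the CSP's effective script source list
                             contain tokens that let injected script run?

All response bodies and headers here are constructed samples, not captures
from a real ESAFENET CDG server.
"""
import html

# Constructed marker: contains the characters an HTML encoder must touch
# (quote, angle brackets) but is inert even if it is reflected raw.
PROBE = '"><xssProbe>marker'


def classify_reflection(probe: str, body: str) -> str:
    """Classify how `probe` appears in an HTML response body.

    Comparing against html.unescape(body) rather than against a specific
    encoder's output means ESAPI-style numeric entities (&#x2f;) and
    named entities (&quot;) are both recognised as "encoded".
    """
    if probe in body:
        return "reflected-raw"          # vulnerable: encoder missing
    if probe in html.unescape(body):
        return "reflected-encoded"      # mitigated: value was encoded
    return "not-reflected"


def csp_script_sources(header: str) -> list:
    """Return the effective script source list of a CSP header.

    script-src overrides default-src when both are present; if neither
    is present the policy places no restriction on scripts at all.
    """
    directives = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    if "script-src" in directives:
        return directives["script-src"]
    return directives.get("default-src", [])


def csp_weakens_xss_protection(header: str) -> list:
    """List the script-source tokens that undermine XSS protection.

    'unsafe-inline' lets reflected <script> blocks run; 'unsafe-eval'
    lets reflected strings reach eval(); wildcards and bare schemes let
    an attacker load script from anywhere.
    """
    weak = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"}
    sources = csp_script_sources(header)
    problems = [s for s in sources if s.lower() in weak]
    if not sources:
        problems.append("no script-src/default-src: scripts unrestricted")
    return problems


# Constructed sample responses: the same page with and without encoding.
VULNERABLE_BODY = (
    '<html><body><input type="hidden" name="flowId" value="'
    + PROBE + '"></body></html>'
)
ENCODED_BODY = (
    '<html><body><input type="hidden" name="flowId" value="'
    + html.escape(PROBE, quote=True) + '"></body></html>'
)


def run_samples() -> dict:
    """Run every check over the constructed samples and return the verdicts."""
    return {
        "vulnerable_body": classify_reflection(PROBE, VULNERABLE_BODY),
        "encoded_body": classify_reflection(PROBE, ENCODED_BODY),
        "absent": classify_reflection(PROBE, "<html><body>ok</body></html>"),
        "weak_csp": csp_weakens_xss_protection(
            "default-src 'self'; script-src 'self' 'unsafe-inline'"),
        "strong_csp": csp_weakens_xss_protection(
            "default-src 'self'; script-src 'self'"),
    }


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name}: {verdict}")
```

In practice the body passed to `classify_reflection` is the response to a request that sends the probe in `flowId`; a "reflected-encoded" verdict plus an empty list from `csp_weakens_xss_protection` is what a correctly patched deployment should produce. Note that a `script-src` list that names only `'unsafe-eval'`, as in some copy-pasted policies, restricts nothing useful and also blocks the application's own scripts, so checking the header is worth doing alongside the grep for the encoder call.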
Analytics:
- Attack Vector: Network (AV:N)
- Exploitability: Low Complexity (AC:L)
- Impact: Integrity (VI:L)
- CVSS:4.0 Score: 5.3 (Medium)
References:
- VulDB Entry: VulDB-12345
- NVD Link: CVE-2025-0795
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode