CVE-2025-1337

LOW

Eastnets PaymentSafe <2.5.26.0 - XSS

Title source: llm

Description

A vulnerability was found in Eastnets PaymentSafe 2.5.26.0 and has been classified as problematic. It affects an unknown part of the BIC Search component. The manipulation leads to cross-site scripting. The attack can be initiated remotely. Upgrading to version 2.5.27.0 addresses this issue.

Exploits (2)

github WORKING POC 2 stars
by adminlove520 · pythonpoc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-1337

nomisec WORKING POC
by ada-z3r0 · poc
https://github.com/ada-z3r0/CVE-2025-1337-PoC

Scores

CVSS v3 3.5
EPSS 0.0003
EPSS Percentile 8.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Classification

CWE
CWE-94 CWE-79
Status draft

Timeline

Published Feb 16, 2025
Tracked Since Feb 18, 2026