CVE-2025-1337

LOW LAB

Eastnets PaymentSafe <2.5.26.0 - XSS

Title source: llm

Description

A vulnerability was found in Eastnets PaymentSafe 2.5.26.0. It has been classified as problematic. This affects an unknown part of the component BIC Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.5.27.0 is able to address this issue.

Exploits (2)

github WORKING POC 2 stars

by adminlove520 · pythonpoc

https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-1337

View Code ZIP pw:eip

nomisec WORKING POC

by ada-z3r0 · poc

https://github.com/ada-z3r0/CVE-2025-1337-PoC

View Code ZIP pw:eip

References (4)

[Various Sources] https://drive.google.com/file/d/1uTRLoCnOGcXtSpoZO8xyPakhIO4MbCMk/view?usp=sharing

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.295953

[Permissions Required, VDB Entry] https://vuldb.com/?id.295953

[Permissions Required, VDB Entry] https://vuldb.com/?submit.493686

Scores

CVSS v3 3.5

EPSS 0.0004

EPSS Percentile 11.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Lab Environment

COMMUNITY

Community Lab

docker pull mariadb:10.6

https://github.com/ada-z3r0/CVE-2025-1337-PoC

https://github.com/adminlove520/CVE-Poc_All_in_One

View in Library

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

Eastnets/PaymentSafe 2.5.26.0

Published Feb 16, 2025

Tracked Since Feb 18, 2026