Primary

Context

ESAFENET CDG V5 Cross-Site Scripting Vulnerability in SysConfig.jsp

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in ESAFENET CDG version 5. The issue arises in the SysConfig.jsp file, where the help parameter can be manipulated to execute malicious scripts in the user's browser. This vulnerability could lead to information theft or other malicious activities.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can execute scripts in the context of the user's browser session.

Reproduction

To reproduce this vulnerability, send a request to the SysConfig.jsp file with a crafted help parameter that includes the malicious script. This can be done manually or using an automated tool that targets cross-site scripting vulnerabilities.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

4.4

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

4.4

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ESAFENET CDG V5 Cross-Site Scripting Vulnerability in SysConfig.jsp

Vulnerability

Impact

Reproduction

Affected Products

ESAFENET CDG

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating