- Description
- A vulnerability was found in Facile Sistemas Cloud Apps up to 20250107. It has been classified as problematic. Affected is an unknown function of the file /account/forgotpassword of the component Password Reset Handler. The manipulation of the argument reterros leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Source
- cna@vuldb.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 5.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 3.5
- Impact score
- 1.4
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Secondary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:N
- cna@vuldb.com
- CWE-79
- Hype score
- Not currently trending
CVE-2025-0578 Public Exploit for XSS in Facile Sistemas Password Reset Handler https://t.co/R7mDAUNCww Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
20 Jan 2025
25 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0578 A vulnerability was found in Facile Sistemas Cloud Apps up to 20250107. It has been classified as problematic. Affected is an unknown function of the file /account/forg… https://t.co/BhQpwJGwid
@CVEnew
20 Jan 2025
892 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-0578 | Facile Sistemas Cloud Apps up to 20250107 Password Reset /account/forgotpassword reterros cross site scripting) has been published on https://t.co/VxJrkMDzdh
@WolfgangSesin
19 Jan 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-0578 | Facile Sistemas Cloud Apps up to 20250107 Password Reset /account/forgotpassword reterros cross site scripting) has been published on https://t.co/zfQq8Bs4wf
@WolfgangSesin
19 Jan 2025
18 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes