CVE-2025-0578 | Facile Sistemas Cloud Apps up to 20250107 Password Reset /account/forgotpassword reterros cross site scripting

A vulnerability was found in Facile Sistemas Cloud Apps up to 20250107. It has been classified as problematic. Affected is an unknown function of the file /account/forgotpassword of the component Password Reset Handler. The manipulation of the argument reterros leads to cross site scripting.

This vulnerability is traded as CVE-2025-0578. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

It is recommended to apply restrictive firewalling.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-0578 | Facile Sistemas Cloud Apps up to 20250107 Password Reset /account/forgotpassword reterros cross site scripting

Related Posts

CVE-2024-22182 | Commend WS203VICM up to 1.7 Messages argument injection (icsa-24-051-01)

CVE-2024-39943 | Rejetto HTTP File Server up to 0.52.9 on Linux/Unix/macOS Upload Node.js child_process Privilege Escalation

CVE-2024-25629 | c-ares up to 1.26.x Null Character ares__read_line memory corruption

CVE-2023-6682 | GitLab Community Edition/Enterprise Edition up to 16.9.6/16.10.4/16.11.1 Discord Integrations Chat Message HAndler resource consumption (Issue 434821)