CVE-2025-1108 – Janto Email Password Reset Replay Vulnerability

The following table lists the changes that have been made to the CVE-2025-1108 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Feb. 07, 2025

    Action | Type | Old Value | New Value
    Added | Description | | Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into the ‘Xml’ parameter on the ‘/public/cgi/Gateway.php’ endpoint.
    Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
    Added | CWE | | CWE-345
    Added | Reference | | https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto
