Unknown · Esafenet Cdg · CVE-2025-0795
**Name of the Vulnerable Software and Affected Versions**
ESAFENET CDG version V5
**Description**
A problem was found in ESAFENET CDG, affecting an unknown part of the file /todolistjump.jsp. The manipulation of the `flowId` argument leads to cross-site scripting. It is possible to initiate the attack remotely. The issue has been disclosed publicly and the vendor was contacted but did not respond.
**Recommendations**
ESAFENET CDG version V5: Update the /todolistjump.jsp file to properly sanitize the `flowId` argument to prevent cross-site scripting attacks.