Impronta Janto vulnerabilities
2 known vulnerabilities affecting impronta/janto.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2025-1107 | P2 | CRITICAL | CVSS 9.9 | CWE-620 | fixed in r12 | 2025-02-07
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.
Source: NVD
CVE-2025-1108 | P3 | HIGH | CVSS 8.6 | CWE-345 | fixed in r12 | 2025-02-07
Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into the ‘Xml’ parameter on the ‘/public/cgi/Gateway.php’ endpo
Source: NVD