The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement.
References
Link | Resource |
---|---|
https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk | Exploit Third Party Advisory |
http://www.securityfocus.com/bid/105930 | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2018-11-14 01:29
Updated : 2018-12-17 12:07
NVD link : CVE-2018-19187
Mitre link : CVE-2018-19187
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
amazon
- payfort-php-sdk