CVE-2018-19189

Опубликовано: 14 нояб. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement.

Ссылки

http://www.securityfocus.com/bid/105930
Third Party Advisory
VDB Entry
https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/105930
Third Party Advisory
VDB Entry
https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:amazon:payfort-php-sdk:*:*:*:*:*:*:*:*

Версия до 2018-04-26 (включая)

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2924-mp4r-x286