5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.5%
Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that they purchase.
CPE | Name | Operator | Version |
---|---|---|---|
verisign:payflow_link | verisign payflow link | eq | * |