CVE-2017-7992

2017-04-2114:59:00

Google

osv.dev

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%

JSON

Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter.

CPENameOperatorVersion
heartland-phpeq2.8.6
heartland-phpeq2.8.16
heartland-phpeq2.7.1
heartland-phpeq2.8.17
heartland-phpeq2.8.4
heartland-phpeq2.8.1
heartland-phpeq2.8.15
heartland-phpeq2.8.5
heartland-phpeq2.8.14
heartland-phpeq2.8.7

Name	Operator	Version
heartland-php	eq	2.8.6
heartland-php	eq	2.8.16
heartland-php	eq	2.7.1
heartland-php	eq	2.8.17
heartland-php	eq	2.8.4
heartland-php	eq	2.8.1
heartland-php	eq	2.8.15
heartland-php	eq	2.8.5
heartland-php	eq	2.8.14
heartland-php	eq	2.8.7

Rows per page:

1-10 of 251

References

github.com/hps/heartland-php/issues/28