Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Paymoney Security Vulnerabilities

cve
cve

CVE-2022-37137

PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will prompt after that or can be access from the...

5.4CVSS

5.3AI Score

0.001EPSS

2022-09-14 11:15 AM
29
5
cve
cve

CVE-2022-37140

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF...

8CVSS

8AI Score

0.003EPSS

2022-09-14 11:15 AM
25
5
cve
cve

CVE-2022-34991

Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name...

5.4CVSS

5.5AI Score

0.001EPSS

2022-07-26 01:15 PM
33
2