32 matches found
EUVD-2022-5918
Malicious code in bioql PyPI...
CVE-2024-25282
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-25285
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-25283
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-25284
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-25286
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-25286
CVE-2024-25286 concerns a CSRF vulnerability in the 3DSecure 2.0 system, specifically the “3DS Authorization Method” of Redsys (3DSecure 2.0). The issue allows an attacker to submit unauthorized form data by manipulating HTTP Origin and Referer headers, potentially triggering unauthorized transac...
CVE-2024-25284
CVE-2024-25284 concerns RedSys 3DSecure 2.0, specifically the 3DS Authorization Method. The vulnerability is a reflected Cross‑Site Scripting (XSS) in the threeDSMethod.jsp endpoint, caused by lack of sanitization of the threeDSMethodData parameter. This allows an attacker to inject arbitrary scr...
CVE-2024-25286
...
CVE-2024-25282
...
CVE-2024-25282
3DSecure 2.0 allows XSS in its 3DSMethod Authentication via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring...
CVE-2024-25282
Redsys 3DSecure 2.0 (3DS Method Authentication) is reported vulnerable to Cross‑Site Scripting (XSS) via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn=... path. Root cause: insufficient sanitization/validation of the params field, which is base64-enco...
CVE-2024-25283
...
编号撤回
RedSys 3DSecure is a payment security technology from RedSys, Spain, designed to improve the security of online transactions, especially during credit and debit card payments. This CVE number has been withdrawn...
CVE-2024-25285
...
CVE-2024-25283
3DSecure 2.0 allows reflected XSS in the 3DS Authorization Challenge via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring...
CVE-2024-25285
CVE-2024-25285 is associated with Redsys 3DSecure 2.0. The vulnerability allows form action hijacking on the threeDSMethod.jsp endpoint, via manipulation of the threeDSMethodNotificationURL or threeDSMethodData parameters, enabling redirection of form submissions to a malicious destination and po...
CVE-2024-25284
...
CVE-2024-25284
3DSecure 2.0 allows reflected XSS in the 3DS Authorization Method via the threeDsMethod.jsp threeDSMethodData parameter...
CVE-2024-25285
...