17 matches found
CVE-2024-25282
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-25284
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-25286
CVE-2024-25286 concerns a CSRF vulnerability in the 3DSecure 2.0 system, specifically the “3DS Authorization Method” of Redsys (3DSecure 2.0). The issue allows an attacker to submit unauthorized form data by manipulating HTTP Origin and Referer headers, potentially triggering unauthorized transac...
CVE-2024-25286
...
CVE-2024-25282
3DSecure 2.0 allows XSS in its 3DSMethod Authentication via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring...
CVE-2024-25282
...
CVE-2024-25282
Redsys 3DSecure 2.0 (3DS Method Authentication) is reported vulnerable to Cross‑Site Scripting (XSS) via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn=... path. Root cause: insufficient sanitization/validation of the params field, which is base64-enco...
CVE-2024-25283
...
CVE-2024-25284
...
CVE-2024-25285
CVE-2024-25285 is associated with Redsys 3DSecure 2.0. The vulnerability allows form action hijacking on the threeDSMethod.jsp endpoint, via manipulation of the threeDSMethodNotificationURL or threeDSMethodData parameters, enabling redirection of form submissions to a malicious destination and po...
CVE-2024-25284
3DSecure 2.0 allows reflected XSS in the 3DS Authorization Method via the threeDsMethod.jsp threeDSMethodData parameter...
CVE-2024-25285
...
CVE-2024-25286
...
3DSecure 2.0 3DS Authorization Method Cross Site Request Forgery
Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Authorization Method Tested Versions: 3DSecure 2.0 3DS Authorization Method Vulnerability Type: Cross-Site Request Forgery CSRF Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17...
3DSecure 2.0 3DS Method Authentication Cross Site Scripting
Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Method Authentication Tested Versions: 3DSecure 2.0 3DS Method Authentication Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solutio...
3DSecure 2.0 3DS Authorization Challenge Cross Site Scripting
Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Authorization Challenge Tested Versions: 3DSecure 2.0 3DS Authorization Challenge Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17...
3DSecure 2.0 3DS Method Authentication Cross Site Scripting
Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Method Authentication Tested Versions: 3DSecure 2.0 3DS Method Authentication Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solutio...