Lucene search
K

32 matches found

CVE
CVE
added 2024/10/09 12:0 a.m.54 views

CVE-2024-25282

Redsys 3DSecure 2.0 (3DS Method Authentication) is reported vulnerable to Cross‑Site Scripting (XSS) via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn=... path. Root cause: insufficient sanitization/validation of the params field, which is base64-enco...

6.1AI score
Exploits1
Vulnrichment
Vulnrichment
added 2024/10/09 12:0 a.m.8 views

CVE-2024-25283

3DSecure 2.0 allows reflected XSS in the 3DS Authorization Challenge via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring...

5.2AI score
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/10/09 12:0 a.m.9 views

CVE-2024-25284

3DSecure 2.0 allows reflected XSS in the 3DS Authorization Method via the threeDsMethod.jsp threeDSMethodData parameter...

5.3AI score
Exploits1References2
Packet Storm
Packet Storm
added 2024/09/12 12:0 a.m.297 views

3DSecure 2.0 3DS Authorization Challenge Cross Site Scripting

Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Authorization Challenge Tested Versions: 3DSecure 2.0 3DS Authorization Challenge Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17...

7.4AI score
Exploits1
Packet Storm
Packet Storm
added 2024/09/12 12:0 a.m.310 views

3DSecure 2.0 3DS Authorization Method Cross Site Scripting

Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Authorization Method Tested Versions: 3DSecure 2.0 3DS Authorization Method Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solution...

7.4AI score
Exploits1
Packet Storm
Packet Storm
added 2024/09/12 12:0 a.m.400 views

3DSecure 2.0 3DS Authorization Method Cross Site Request Forgery

Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Authorization Method Tested Versions: 3DSecure 2.0 3DS Authorization Method Vulnerability Type: Cross-Site Request Forgery CSRF Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17...

7.4AI score
Exploits1
Packet Storm
Packet Storm
added 2024/09/12 12:0 a.m.384 views

3DSecure 2.0 3DS Method Authentication Cross Site Scripting

Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Method Authentication Tested Versions: 3DSecure 2.0 3DS Method Authentication Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solutio...

7.4AI score
Exploits1
Packet Storm
Packet Storm
added 2024/09/12 12:0 a.m.366 views

3DSecure 2.0 3DS Method Authentication Cross Site Scripting

Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Method Authentication Tested Versions: 3DSecure 2.0 3DS Method Authentication Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solutio...

7.4AI score
Exploits1
Prion
Prion
added 2022/06/09 7:15 a.m.21 views

Design/Logic Flaw

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways those that use intermediary states like isNotification or isRedirect, if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as...

5.8CVSS6.3AI score0.00618EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/06/06 7:35 p.m.15 views

CVE-2022-29254 Failed payment recorded has completed in silverstripe/silverstripe-omnipay

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways those that use intermediary states like isNotification or isRedirect, if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as...

3.7CVSS6.5AI score0.00618EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/06/06 7:35 p.m.5 views

CVE-2022-29254 Failed payment recorded has completed in silverstripe/silverstripe-omnipay

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways those that use intermediary states like isNotification or isRedirect, if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as...

3.7CVSS6.3AI score0.00618EPSS
Exploits0References2
CVE
CVE
added 2022/06/06 7:35 p.m.97 views

CVE-2022-29254

The CVE-2022-29254 issue affects silverstripe-omnipay (SilverStripe integration with Omnipay). For certain gateways using intermediary states (isNotification/isRedirect), exposing the payment identifier or success URL can cause payments to be prematurely marked as completed without payment actual...

6.5CVSS5.1AI score0.00618EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder