CVE-2024-25283

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

CVE-2024-25283

...

CVE-2024-25283

3DSecure 2.0 allows reflected XSS in the 3DS Authorization Challenge via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring...

CVE-2024-25283

The CVE-2024-25283 entry concerns 3DSecure 2.0, specifically the 3DS Authorization Challenge. A reflected Cross‑Site Scripting (XSS) vulnerability exists in the /rest/online endpoint where the modified params parameter in a /redirect?action=challenge&txn=… URL is not sanitized, enabling injection...

3DSecure 2.0 3DS Authorization Challenge Cross Site Scripting

Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Authorization Challenge Tested Versions: 3DSecure 2.0 3DS Authorization Challenge Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17...

PT-2024-20858 · Unknown · 3Dsecure 2.0

Name of the Vulnerable Software and Affected Versions: 3DSecure 2.0 version 3DS Authorization Challenge Description: The issue is related to multiple reflected Cross-Site Scripting XSS vulnerabilities in the 3DS Authorization Challenge of 3DSecure 2.0. This occurs via a modified params parameter ...