5 matches found
CVE-2018-19188
The CVE-2018-19188 entry concerns the Amazon PAYFORT payfort-php-SDK (pre-2018-04-26) with an XSS flaw exploitable through the success.php fort_id parameter. Connected records (NVD, CVE List, CNVD, PRION, CVELIST) corroborate the same description. The documents do not provide explicit remediation...
CVE-2018-19187
The CVE-2018-19187 entry concerns the Amazon PAYFORT payfort-php-SDK (payment gateway SDK) with an XSS flaw present through 2018-04-26. The root cause is mishandling of an arbitrary parameter name or value in a success.php echo statement, enabling cross-site scripting. Documents identify the affe...
CVE-2018-19189
The CVE-2018-19189 entry concerns the Amazon PAYFORT payfort-php-SDK (up to 2018-04-26) and a cross-site scripting (XSS) condition caused by mishandling an arbitrary parameter name or value in an error.php echo statement. The vulnerability is described in the NVD entry as an XSS risk with a CVSS ...
CVE-2018-19186
CVE-2018-19186 concerns the Amazon PAYFORT payfort-php-SDK (payment gateway SDK) through 2018-04-26, where a cross-site scripting (XSS) flaw exists in the route.php paymentMethod parameter. The vulnerability is evidenced in NVD and corroborated by multiple sources (CNVD/CVE records). Affected com...
CVE-2018-19190
The CVE-2018-19190 entry concerns the Amazon PAYFORT payfort-php-SDK payment gateway, with an XSS vulnerability exploitable via the error.php error_msg parameter in versions up to 2018-04-26. The NVD notes CVSS v2 base score 4.3 (Medium) and CVSS v3.0 base score 6.1 (Medium). Exploitation details...