XSS Vulnerability in Amazon PAYFORT Payment Gateway SDK
CVE-2018-19187

6.1MEDIUM

Key Information:

Vendor: Amazon
Status: Payfort-PHP-sdk
Vendor: CVE Published:; 14 November 2018

What is CVE-2018-19187?

The PAYFORT Payment Gateway SDK by Amazon is susceptible to Cross-Site Scripting (XSS) attacks due to improper handling of arbitrary parameter names or values in its success.php file. This vulnerability allows malicious actors to inject scripts into the SDK, leading to potential exploitation and unauthorized access. It is essential for developers to apply patches and follow security best practices to mitigate these risks.

References

https://www.seekurity.com/blog/general/payfort-multiple-s...

x_refsource_MISC

http://www.securityfocus.com/bid/105930

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 14, 2018
Vulnerability Reserved
Nov 11, 2018