Cross-Site Scripting Vulnerability in Amazon PAYFORT Payment Gateway SDK
CVE-2018-19188

6.1MEDIUM

Key Information:

Vendor

Amazon

Status
Payfort-PHP-sdk
Vendor
CVE Published:
14 November 2018

What is CVE-2018-19188?

The Amazon PAYFORT payment gateway SDK is susceptible to a Cross-Site Scripting (XSS) vulnerability through the 'success.php' file, specifically affecting the 'fort_id' parameter. This flaw allows attackers to inject malicious scripts into web applications, potentially compromising user data and leading to unauthorized actions. Developers using affected versions of the SDK should assess their implementations and apply appropriate safeguards to mitigate the risk of exploitation.

References

https://github.com/payfort/payfort-php-sdk/issues/12
x_refsource_MISC
https://www.seekurity.com/blog/general/payfort-multiple-s...
x_refsource_MISC
http://www.securityfocus.com/bid/105930
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.