Cross-Site Scripting Vulnerability in Amazon PAYFORT Payment Gateway SDK
CVE-2018-19189
6.1 MEDIUM
What is CVE-2018-19189?
The Amazon PAYFORT payment gateway SDK is vulnerable to Cross-Site Scripting (XSS). The flaw arises from improper handling of parameters in the error.php script: an arbitrary parameter name or value can lead to XSS. Malicious actors can leverage this vulnerability to manipulate the application's output, potentially gaining unauthorized access to sensitive data or executing harmful scripts in the context of a user's session. Users of the PAYFORT SDK should assess their implementations and apply the necessary patches as part of their security best practices.
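The mitigation for this class of bug, as an added example (not code from the PAYFORT SDK): an error page that lists request parameters must HTML-encode the parameter name as well as the value, since both come from the request. The function names `h` and `render_error_params` and the sample input are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the PAYFORT SDK): HTML-encode one untrusted string.
function h(string $s): string
{
    // ENT_QUOTES encodes both quote styles, so the result is also safe inside
    // attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
    // returning an empty string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer for an error page that echoes request parameters.
// The unsafe pattern is interpolating $name and $value straight into markup;
// encoding only $value still leaves the parameter name as an injection point.
function render_error_params(array $params): string
{
    $rows = '';
    foreach ($params as $name => $value) {
        // PHP parses "list[]=a" into a nested array; flatten it to a string first.
        if (is_array($value)) {
            $value = json_encode($value, JSON_PARTIAL_OUTPUT_ON_ERROR);
        }
        $rows .= sprintf(
            "<tr><td>%s</td><td>%s</td></tr>\n",
            h((string) $name),   // keys may be integers, hence the cast
            h((string) $value)
        );
    }
    return "<table>\n" . $rows . "</table>\n";
}

// Constructed sample input standing in for $_GET / $_POST.
$sample = [
    'error_message'           => 'Invalid <b>signature</b>',
    '<i>name-with-markup</i>' => 'ok',
    'list'                    => ['a', '"b"'],
];

// Declare the charset explicitly and add a restrictive CSP as defence in depth.
header('Content-Type: text/html; charset=UTF-8');
header("Content-Security-Policy: default-src 'none'");
echo render_error_params($sample);
```

With the constructed input, every `<`, `>` and `"` in both columns is emitted as an entity, so the markup in the parameter name is displayed as text rather than interpreted by the browser.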
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved