XSS Vulnerability in Amazon PAYFORT Payment Gateway SDK
CVE-2018-19190

6.1MEDIUM

Key Information:

Vendor: Amazon
Status: Payfort-PHP-sdk
Vendor: CVE Published:; 14 November 2018

What is CVE-2018-19190?

The Amazon PAYFORT payment gateway SDK suffers from a Cross-Site Scripting (XSS) vulnerability through the error.php error_msg parameter, potentially allowing attackers to execute arbitrary scripts in the context of a user's session. This exposure can lead to various security risks, such as data theft or session hijacking, putting sensitive information at risk. Proper validation and sanitization of input parameters are crucial to mitigate this issue.

References

https://www.seekurity.com/blog/general/payfort-multiple-s...

x_refsource_MISC

http://www.securityfocus.com/bid/105930

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2018
Vulnerability Reserved
Nov 11, 2018