Cross-site Scripting (XSS) Vulnerability in PayU India
CVE-2024-27193

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Payu India
Vendor: CVE Published:; 15 March 2024

What is CVE-2024-27193?

A reflected cross-site scripting (XSS) vulnerability exists within PayU India's payment solutions, allowing attackers to inject malicious scripts into web pages served to users. This vulnerability can potentially impact user sessions and enable unauthorized actions through compromised scripts. The flaw affects various versions of the PayU India Plugin, specifically noted in version 3.8.2, making it vital for users to implement immediate security measures to mitigate potential risks associated with this issue.

Affected Version(s)

PayU India <= 3.8.2

References

https://patchstack.com/database/vulnerability/payu-india/...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2024
Vulnerability Reserved
Feb 21, 2024

Credit

Dimas Maulana (Patchstack Alliance)