CVE-2023-23315
https://notcve.org/view.php?id=CVE-2023-23315
The PrestaShop e-commerce platform module stripejs contains a blind SQL injection vulnerability up to version 4.5.5. The method `stripejsValidationModuleFrontController::initContent()` makes sensitive SQL calls that can be reached with a trivial HTTP call and exploited to forge a SQL injection.
• https://friends-of-presta.github.io/security-advisories/modules/2023/03/01/stripejs.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-24753 – Code injection in Stripe CLI on Windows
https://notcve.org/view.php?id=CVE-2022-24753
Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The affected commands are `stripe login`, `stripe config -e`, `stripe community`, and `stripe open`. macOS and Linux are unaffected. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the current user.
• https://github.com/stripe/stripe-cli/commit/be38da5c0191adb77f661f769ffff2fbc7ddf6cd
• https://github.com/stripe/stripe-cli/security/advisories/GHSA-4cx6-fj7j-pjx9
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21420 – Vulnerability in Stripe for Visual Studio Code < 1.7.3
https://notcve.org/view.php?id=CVE-2021-21420
vscode-stripe is an extension for Visual Studio Code. A vulnerability in the Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings.
• https://github.com/stripe/vscode-stripe/security/advisories/GHSA-j6x4-4622-8vv3
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2018-19249
https://notcve.org/view.php?id=CVE-2018-19249
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the card{} object, and reading the cvc_check information if the creation is successful, without charging the actual card used in the transaction.
• https://fredmooredamian.blogspot.com/2019/01/improper-authentication-on-stripe-api-v1.html
• CWE-287: Improper Authentication