CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19189
https://notcve.org/view.php?id=CVE-2018-19189
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement. El SDK de pasarela de pagos payfort-php-SDK de Amazon PAYFORT hasta el 26/04/2018 tiene Cross-Site Scripting (XSS) mediante un nombre de parámetro o valor arbitrario que se gestiona de manera incorrecta en una instrucción eco error.php. • http://www.securityfocus.com/bid/105930 https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19190
https://notcve.org/view.php?id=CVE-2018-19190
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter. El SDK de pasarela de pagos payfort-php-SDK de Amazon PAYFORT hasta el 26/04/2018 tiene Cross-Site Scripting (XSS) mediante el parámetro error_msg en error.php. • http://www.securityfocus.com/bid/105930 https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19187
https://notcve.org/view.php?id=CVE-2018-19187
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement. El SDK de pasarela de pagos payfort-php-SDK de Amazon PAYFORT hasta el 26/04/2018 tiene Cross-Site Scripting (XSS) mediante un nombre de parámetro o valor arbitrario que se gestiona de manera incorrecta en una instrucción eco success.php. • http://www.securityfocus.com/bid/105930 https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19186
https://notcve.org/view.php?id=CVE-2018-19186
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter. El SDK de pasarela de pagos payfort-php-SDK de Amazon PAYFORT hasta el 26/04/2018 tiene Cross-Site Scripting (XSS) mediante el parámetro paymentMethod en route.php. • https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-19188
https://notcve.org/view.php?id=CVE-2018-19188
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the success.php fort_id parameter. El SDK de pasarela de pagos payfort-php-SDK de Amazon PAYFORT hasta el 26/04/2018 tiene Cross-Site Scripting (XSS) mediante el parámetro fort_id en success.php. • http://www.securityfocus.com/bid/105930 https://github.com/payfort/payfort-php-sdk/issues/12 https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •