PT-2017-18054 · Heartland Payment Systems · Heartland Payment Systems Payment Gateway Php Sdk

Jgj212 · Published 2017-04-21 · Updated 2017-04-27 · CVE-2017-7992

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php version 2.8.17

Description: The issue concerns a reflected XSS in the examples/consumer-authentication/cruise.php file via the URI. Specifically, the cavv parameter is vulnerable to this type of attack.

Recommendations: For version 2.8.17, consider restricting access to the vulnerable cruise.php file until a patch is available. As a temporary workaround, avoid using the cavv parameter in the affected URI to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-7992

Affected Products

Heartland Payment Systems Payment Gateway Php Sdk