PT-2018-14849 · Payfort · Payfort-Php-Sdk

Jgj212

Published

2018-11-14

Updated

2018-12-17

CVE-2018-19188

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions payfort-php-SDK versions through 2018-04-26

Description The issue concerns a security problem where an attacker can execute malicious scripts. This is achieved by exploiting the fort id parameter in the success.php file, allowing for malicious code execution.

Recommendations For versions through 2018-04-26, avoid using the fort id parameter in the success.php file until a fix is available. Consider validating and sanitizing user input to prevent malicious code execution.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-19188

Affected Products

Payfort-Php-Sdk

PT-2018-14849 · Payfort · Payfort-Php-Sdk

CVE-2018-19188

Weakness Enumeration

Related Identifiers

Affected Products

References · 5