PT-2018-14850 · Payfort · Payfort-Php-Sdk
Published
2018-11-14
·
Updated
2018-12-17
·
CVE-2018-19189
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
payfort-php-SDK versions through 2018-04-26
Description
The issue concerns an XSS vulnerability due to the mishandling of arbitrary parameter names or values in an error.php echo statement.
Recommendations
For payfort-php-SDK versions through 2018-04-26, consider updating to a version released after 2018-04-26 to resolve the issue. As a temporary workaround, restrict the handling of arbitrary parameters in the error.php file to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Payfort-Php-Sdk