CVE-2024-25283

Name of the Vulnerable Software and Affected Versions 3DSecure 2.0 version 3DS Authorization Challenge

Description The issue is related to multiple reflected Cross-Site Scripting (XSS) vulnerabilities in the 3DS Authorization Challenge of 3DSecure 2.0. This occurs via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn=… endpoint.

Recommendations For 3DSecure 2.0 version 3DS Authorization Challenge, consider restricting access to the /rest/online endpoint with a /redirect?action=challenge&txn=… request to minimize the risk of exploitation. Avoid using the modified params parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.