CVE-2024-25284

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions 3DSecure 2.0 version 3DS Authorization Method

Description The issue concerns multiple reflected Cross-Site Scripting (XSS) vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0. This vulnerability allows reflected XSS via the threeDSMethodData parameter in the threeDsMethod.jsp endpoint.

Recommendations For 3DSecure 2.0 version 3DS Authorization Method, consider restricting access to the threeDSMethodData parameter in the threeDsMethod.jsp endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2024-25284

Affected Products

3Dsecure 2.0

CVE-2024-25284

Related Identifiers

Affected Products

References · 5