PT-2024-25612 · Paypal · Paypal

Rafael Pedrero · Published 2024-08-06 · Updated 2024-08-15 · CVE-2024-33980

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

PayPal, Credit Card and Debit Card Payment version 1.0

Description

A Cross-Site Scripting (XSS) issue allows an attacker to create a specially crafted URL and send it to a victim to obtain details of their session cookie via the start parameter in "/admin/mod reports/printreport.php".

Recommendations

For version 1.0, consider disabling access to the "/admin/mod reports/printreport.php" endpoint until a patch is available, and restrict the use of the start parameter to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-33980

Affected Products

Paypal