CVE-2024-33981

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions PayPal, Credit Card and Debit Card Payment version 1.0

Description A Cross-Site Scripting (XSS) issue allows an attacker to create a specially crafted URL and send it to a victim to obtain details of their session cookie via the start parameter in "/admin/mod reports/index.php".

Recommendations For version 1.0, consider disabling access to the "/admin/mod reports/index.php" endpoint until a patch is available. Restrict the use of the start parameter in this endpoint to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-33981

Affected Products

Paypal

CVE-2024-33981

Weakness Enumeration

Related Identifiers

Affected Products

References · 6