CVE-2018-19187

The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement.

Published : 2018-11-14 09:29 Updated : 2018-12-17 20:07

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Amazon Payfort-php-sdk 2018-04-26 cpe:/a:amazon:payfort-php-sdk:2018-04-26
  1. Amazon (1) Search CVE
    1. Payfort-php-sdk (1) Search CVE
      1. 2018-04-26

CWE

ID Name Description Links
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. CVE

History of changes

Date Event
2018-12-17 20:07
2018-11-16 11:29
2018-11-14 09:29

New CVE