Filtered by vendor 3dsecure
Subscriptions
Filtered by product 3dsecure
Subscriptions
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-25285 | 1 3dsecure | 1 3dsecure | 2024-10-09 | 6.1 Medium |
3DSecure 2.0 allows form action hijacking via threeDsMethod.jsp?threeDSMethodData= or the threeDSMethodNotificationURL parameter. The destination web site for a form submission can be modified. | ||||
CVE-2024-25286 | 1 3dsecure | 1 3dsecure | 2024-10-09 | 8.8 High |
3DSecure 2.0 allows CSRF in the Authorization Method via modified Origin and Referer HTTP headers. | ||||
CVE-2024-25284 | 1 3dsecure | 1 3dsecure | 2024-10-09 | 5.4 Medium |
3DSecure 2.0 allows reflected XSS in the 3DS Authorization Method via the threeDsMethod.jsp threeDSMethodData parameter. | ||||
CVE-2024-25283 | 1 3dsecure | 1 3dsecure | 2024-10-09 | 5.4 Medium |
3DSecure 2.0 allows reflected XSS in the 3DS Authorization Challenge via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring. | ||||
CVE-2024-25282 | 1 3dsecure | 1 3dsecure | 2024-10-09 | 5.4 Medium |
3DSecure 2.0 allows XSS in its 3DSMethod Authentication via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring. |
Page 1 of 1.