Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that they purchase.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-12-15T05:00:00

Updated: 2024-08-08T00:46:12.385Z

Reserved: 2004-12-14T00:00:00

Link: CVE-2004-1209

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2005-01-10T05:00:00.000

Modified: 2024-11-20T23:50:22.257

Link: CVE-2004-1209

cve-icon Redhat

No data.