DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References

No reference.

History

Tue, 22 Oct 2024 21:30:00 +0000


Tue, 22 Oct 2024 21:00:00 +0000

Type Values Removed Values Added
Description 3DSecure 2.0 allows XSS in its 3DSMethod Authentication via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring. DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Wed, 09 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared 3dsecure
3dsecure 3dsecure
Weaknesses CWE-79
CPEs cpe:2.3:a:3dsecure:3dsecure:2.0:*:*:*:*:*:*:*
Vendors & Products 3dsecure
3dsecure 3dsecure
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 09 Oct 2024 03:30:00 +0000

Type Values Removed Values Added
Description 3DSecure 2.0 allows XSS in its 3DSMethod Authentication via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring.
References

cve-icon MITRE

Status: REJECTED

Assigner: mitre

Published:

Updated: 2024-10-22T20:54:43.062377

Reserved: 2024-02-07T00:00:00

Link: CVE-2024-25282

cve-icon Vulnrichment

Updated: 2024-10-09T04:03:17.187Z

cve-icon NVD

Status : Rejected

Published: 2024-10-09T04:15:07.287

Modified: 2024-10-22T21:15:06.000

Link: CVE-2024-25282

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.