DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References

No reference.

History

Tue, 22 Oct 2024 21:30:00 +0000


Tue, 22 Oct 2024 21:00:00 +0000

Type Values Removed Values Added
Description 3DSecure 2.0 allows reflected XSS in the 3DS Authorization Challenge via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring. DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Wed, 09 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared 3dsecure
3dsecure 3dsecure
Weaknesses CWE-79
CPEs cpe:2.3:a:3dsecure:3dsecure:2.0:*:*:*:*:*:*:*
Vendors & Products 3dsecure
3dsecure 3dsecure
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 09 Oct 2024 03:30:00 +0000

Type Values Removed Values Added
Description 3DSecure 2.0 allows reflected XSS in the 3DS Authorization Challenge via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring.
References

cve-icon MITRE

Status: REJECTED

Assigner: mitre

Published:

Updated: 2024-10-22T20:55:28.909646

Reserved: 2024-02-07T00:00:00

Link: CVE-2024-25283

cve-icon Vulnrichment

Updated: 2024-10-09T04:03:18.735Z

cve-icon NVD

Status : Rejected

Published: 2024-10-09T04:15:07.483

Modified: 2024-10-22T21:15:06.147

Link: CVE-2024-25283

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.