CVE-2024-25283

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

22 Oct 2024, 21:15

Type	Values Removed	Values Added
CWE	~~CWE-79~~
Summary	(es) 3DSecure 2.0 permite XSS reflejado en el desafío de autorización 3DS a través de un parámetro params modificado en una solicitud /rest/online con una subcadena /redirect?action=challenge&txn=.
Summary	~~(en) 3DSecure 2.0 allows reflected XSS in the 3DS Authorization Challenge via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring.~~	(en) Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
References	~~{'url': 'https://pagosonline.redsys.es/funcionalidades-autenticacion3DS.html', 'source': 'cve@mitre.org'}~~ ~~{'url': 'https://seclists.org/fulldisclosure/2024/Sep/28', 'source': 'cve@mitre.org'}~~
CVSS	v2 : ~~unknown~~ v3 : ~~5.4~~	v2 : unknown v3 : unknown

09 Oct 2024, 15:35

Type	Values Removed	Values Added
Summary		(es) 3DSecure 2.0 permite XSS reflejado en el desafío de autorización 3DS a través de un parámetro params modificado en una solicitud /rest/online con una subcadena /redirect?action=challenge&txn=.
CWE		CWE-79
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4

09 Oct 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-09 04:15

Updated : 2024-10-22 21:15

NVD link : CVE-2024-25283

Mitre link : CVE-2024-25283

CVE.ORG link : CVE-2024-25283

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-25283

Attach tags to `CVE-2024-25283`