CVE-2024-25285 | Redsys 3DSecure 2.0 threeDSMethodNotificationURL cross site scripting

Posted by Angelo Barbosa | Sep 12, 2024 | CVE

A vulnerability classified as problematic has been found in Redsys 3DSecure 2.0. Affected is an unknown function. The manipulation of the argument threeDSMethodNotificationURL leads to cross site scripting.

This vulnerability is traded as CVE-2024-25285. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2024-25285 | Redsys 3DSecure 2.0 threeDSMethodNotificationURL cross site scripting

Related Posts

CVE-2023-48964 | Tenda i6 1.0.0.8 /goform/WifiMacFilterSet buffer overflow

CVE-2024-41839 | Adobe Experience Manager up to 6.5.20 input validation (apsb24-28)

CVE-2024-26289 | PMB up to 7.3.17/7.4.8/7.5.6-1 deserialization

CVE-2023-51544 | Metagauss RegistrationMagic Plugin up to 5.2.5.0 on WordPress improper control of interaction frequency