| |
Vulnerability CVE-2004-1209
Published: 2005-01-10 Modified: 2012-02-12
| Description: |
Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that they purchase. |
CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
http://marc.info/?l=bugtraq&m=110181288820226&w=2
http://xforce.iss.net/xforce/xfdb/18299
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
