The amazon PAYFORT payfort-php-SDK payment gateway SDK vulnerabilities – 14th Nov 2018

Preface:
PAYFORT Online Payment Gateway is the most Trusted in the Middle East. PAYFORT is here to help you accept online payments, reduce fraud & max your transaction amount.
Remark: On Mar 2018, official announce that PayFort International Inc. and its subsidiaries will be acquired by Amazon.

Vulnerabilities synopsis:
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS vulnerabilities occurs!

What is Cross-site Scripting (XSS)?
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts (also commonly referred to as a malicious payload) into a legitimate website or web application.

Impact:
One of the most common XSS attack vectors is to hijack legitimate user accounts by stealing their session cookies. This allows attackers to impersonate victims and access any sensitive information or functionality on their behalf.

The vulnerability details can be found in the following URL:

https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.