Veracode Vulnerability Database: VERACODE:32395
Oct 06, 2021 - 5:56 a.m.

Information Disclosure

2021-10-06 05:56:25
sca.analysiscenter.veracode.com
sylius paypal
predictable url
autoincremented
payment id
prefilled form
sensitive information

EPSS: 0.002

Percentile: 57.2%

sylius/paypalplugin is vulnerable to information disclosure. Because an autoincremented payment ID is used when creating the page, an attacker can predict the URL of the payment done page shown after checkout. The prefilled credit card form shows the customer's first and last name, resulting in sensitive information disclosure.

