CVE-2024-33979

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 6, 2024
Updated: Aug 15, 2024
CWE ID 79

Summary

CVE-2024-33979 is a Cross-Site Scripting (XSS) vulnerability identified in PayPal's payment system, affecting version 1.0. Malicious actors can exploit this issue by constructing a deceitful URL and sending it to a victim. Upon the victim clicking the URL, an attacker could potentially gain unauthorized access to the victim's session cookie using the 'q', 'arrival', 'departure', and 'accomodation' parameters within the '/index.php' page. This vulnerability could lead to sensitive information being stolen or manipulated. It is crucial for PayPal to address this security weakness promptly to protect its users from potential attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share