CVE-2021-47885

Summary

Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or phishing attacks.

Affected Software

VendorProductVersion RangeStatus
CriticalGearsPayPal PRO Payment Terminal3.1affected
CriticalGearsStripe Payment Terminal2.2.1affected
Authorize.netPayment Terminal2.4.1affected

Weaknesses

  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References